Key Changes on Authentication Front:
• Broad range of MFA permitted for AAL2 – both phishing resistant and others
• Phishing Resistance
•Added definition and requirements for phishing resistant authenticators.
•Reference to OMB 22-09 Zero-Trust requirements for phishing resistant authenticators.
•Biometric Performance Requirements
•Updated biometric performance requirements and metrics.
•Guidance for addressing equity impacts.
•Account Recovery
•Additional guidance for account recovery options, including subscribers with limited access to multiple authenticators.
•Activation Secrets
•Guidance and requirements for activation secrets used by authenticators to access a stored secret key used for authentication.
•Wireless Connections for Cryptographic Authenticators
•Guidance and requirements for use of wireless (Bluetooth, NFC) connections between the authenticator and endpoint for cryptographic authentication.
•Equity Considerations for Authentication Processes