NIST expands passkey, digital wallet direction in updated identity guidelines draft
The National Institute of Standards and Technology is again seeking comment on draft guidance for digital identities following updates responsive to the first round of public comments.
A second version of the draft guidance, posted Wednesday, provides additional detail for passkeys — or syncable authenticators — and digital wallets after commenters on the first draft asked for those areas to be expanded, according to a release from the agency. The new draft also adds to guidance on more traditional identification methods.
The draft guidelines and corresponding companion publications are aimed at providing direction to ensure various methods that people use to prove who they are when accessing government services — such as digital wallets, passkeys, and physical ID cards — stay secure, private and accessible, according to the release.
NIST first announced a draft in December 2022 and received nearly 4,000 comments from 140 organizations during the four-month comment period in 2023, the agency said.
“We are trying to make sure we maintain as many pathways as possible to enable secure online access to services,” Ryan Galluzzo, NIST’s digital identity program lead and an author of the publication, said in a press release. “We want to open up the use of modern digital pathways while still allowing for physical and manual methods whenever they may be necessary.”
According to the release, updated guidance for passkeys are in SP 800-63B and updated guidance for digital wallets is in SP800-63C. On digital wallets in particular, Galluzzo said NIST “added guidance on how to trust the wallet itself and on how to trust its contents.”
Updated guidance on more traditional forms of identification, meanwhile, includes information on “in-person identity proofing and mechanisms for handling exceptions” and trusted people who can vouch for someone without identification documentation known as an “applicant reference,” according to the release.
The new draft also updates guidance on the use of biometrics on images of people’s faces. According to the release, the authors of the report received input from NIST’s facial recognition experts for those changes. According to the release, while Galluzzo said that biometric-based systems are still in the draft, going forward, those methods will need to be accurate, follow privacy requirements in the guidance, and include manual methods for addressing issues.
Comments on the new draft are due by Oct. 7.
