Last week, President Obama signed an executive order that is getting a lot of attention for mandating “Chip & PIN” EMV technology for all federally issued payment cards and terminals. My colleague, Philippe Benitez, wrote a great piece about it here.
It’s understandable that EMV is in the spotlight these days as the entire nation is set to transition payment cards to EMV chip technology. But there’s more than EMV in Obama’s mandates. Read on to section 3 of the executive order, and you’ll find that President Obama outlined plans to vastly improve online security for citizens logging on to government sites and services. In an effort to curb data breaches and identity fraud, Obama called for federal sites to use multifactor authentication instead of a standard username & password combination, which has proven to be vulnerable to hackers. Using multifactor authentication will “help ensure that sensitive data are shared only with the appropriate person or people.”
Personally, I applaud the signing of this order because it represents a pivotal step in laying the foundation for a secure online environment where citizens can feel safe sharing their personal information. With the growing number of government services offered online, Obama’s mandate of multifactor authentication emphasizes the importance of keeping citizens’ trust by implementing higher security standards. It’s an example that we expect more and more consumer sites to follow.
To underscore the urgency of protecting data online, Obama’s order gives the National Security Council staff only 90 days to present a plan and 18 months to implement multifactor authentication across all federal agencies that “make personal data accessible to citizens through digital applications.” Additionally, the order calls for any security measures to be consistent with NSTIC guidelines.