US government rolls out 2-step verification for .gov domain owners

guest · Oct 8, 2018

US government rolls out 2-step verification for .gov domain owners
October 8, 2018
https://www.zdnet.com/article/us-government-rolls-out-2-step-verification-for-gov-domain-owners/

The US government is rolling out new security protections for .gov domains with measures meant to prevent DNS domain takeover attacks.

Starting last week, with October 1, DotGov, the official registrar that manages official .gov domains for the US government has begun rolling out a 2-step verification (2SV) system to protect .gov registrar accounts.

The 2SV mechanism that DotGov chose to implement is Google Authenticator.

"This extra layer of security makes it harder for someone to log in as you, which protects the services you make available to the public via a .gov domain," DotGov said in FAQ page with details about the 2SV rollout.
Click to expand...

Palancar · Oct 9, 2018

Surprisingly, our biggest agency doesn't even offer U2F along with these changes. They are using Google Authenticator, which is TOTP. Its better than no 2 factor by a long shot but far short of U2F. Next, most non-techie users will not even have a clue how to backup their QR/base 32 code in the event their cell is lost or broken. Without a backup code that will be a major hassle for the Admins dealing with all the "hand holding". I love TOTP in the hands of a techie, but NOT for uninformed users.

Log in or Sign up

US government rolls out 2-step verification for .gov domain owners

guest Guest

Palancar Registered Member

Log in or Sign up

US government rolls out 2-step verification for .gov domain owners

guest Guest

Palancar Registered Member

Useful Searches