recommended reading

NIST Testing out Passwordless Smart Home


technology. // Thinkstock

The federal government wants consumers to abandon passwords, even for smart home appliances that collect large amounts of personal data.

As part of a new pilot, the National Institute for Standards and Technology awarded a $1.86 million grant to a tech company claiming it can devise a security system that protects individuals' data in the "Internet of Things," but also saves consumers from "password fatigue" (having to manage several increasingly complex codes to access their own systems). 

Tozny, a subsidiary of tech company Galois, aims to test one system that encrypts user data generated by the "smart home," and another that would let transit riders use their mobile phones as tickets, Galois principal investigator Isaac Potoczny-Jones said in a blog post outlining more details about the project. 

The NIST pilot, through an initiative called the "National Strategy for Trusted Identities in Cyberspace," focuses on these two applications. But NIST has recently been drafting broader standards for tech companies creating products for the "Internet of Things": In September, it released a Draft Framework for Cyber-Physical Systems, essentially a guide teaching device manufacturers how to build safer devices. 

The company already has a smart-home security pilot in apartments in Portland, Oregon, and San Francisco. Its app allows users to control and monitor their lights, energy use, and home security from anywhere using their smartphone. Tozny plans to collaborate with mobile payment company GlobeSherpa on the transit ticketing project. 

NIST isn't the only federal group thinking beyond the password.

At a conference last week, the Defense Department's Deputy Chief Information Officer for Cybersecurity Richard Hale told an audience "replayable" access keys such as passwords, which can be used more than once, could make the physical assets in the Internet of Things more vulnerable to intruders.

The Pentagon has worked to "basically get rid of things like passwords and move to credentials" for access to virtual networks, he said.

"The Internet of Things is going to need the same thing . . . We have to drive out passwords," Hale added. 

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.