by xenophonf 1594 days ago
login.gov meets IAL2 since NIST SP 800-63-3 "allows for remote or in-person identity proofing" (800-63A page 8). Likewise, TOTP is explicitly mentioned as an allowed multi-factor OTP authenticator (800-63B pages 20-21). I'm not aware of changes in SP 800-63-4 that would affect login.gov's current implementation, but it's been a minute since I last read the -4 draft and could be wrong.
1 comments

Login.gov permits me if the IRS could do identity proofing.

The IRS can't do identity proofing (hence the need for ID.me, which is implementing "remote or in-person identity proofing"), and login.gov doesn't do it for the agency. Login.gov can only record whether the identity was created at IAL-1 or IAL-2.

Use of login.gov is orthogonal to the question of ID.me.