The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency published fact sheets outlining threats against systems “using certain forms of multi-factor authentication,” InfoSecurity Magazine reports. CISA recommended that organizations implement “phishing-resistant MFA” solutions, such as FIDO/WebAuthn, and public key infrastructure designed to prevent “push (notification) bombing” or “push fatigue.” To prevent vulnerabilities within application-based authentication, CISA recommended employing “one-time passwords, mobile push notifications with number matching and token-based” one-time passwords. CISA noted SMS and voice MFA should feature one-time passwords issued to users’ phones or email addresses.