topic Re: FBI warns of MFA in Industry News

FBI warns of MFA

rslade — Wed, 09 Oct 2019 18:30:57 GMT

The FBI has sent out a warning that the bad guys are attacking multi-factor authentication (MFA).

In reality, when you read the details of the attacks, it boils down to SIM swapping and some other implementation attacks, most of them fairly rare. As usual, the price of security is eternal vigilance, and when you try to take the easy route, you usually become a target ...

Re: FBI warns of MFA

denbesten — Wed, 09 Oct 2019 20:24:30 GMT

Here is an interesting comparison of various authenticators. The biggest takeaway is "You should definitely turn on MFA now – and anything is >99.9% better than nothing."

Re: FBI warns of MFA

Steve-Wilme — Thu, 10 Oct 2019 10:51:06 GMT

SMS OTP used to be classed in the UK public sector as a non accreditable form of 2FA, but if you take the stance of it being more secure than username/password, then it's obviously worth implementing. If we're going to assume that an attack can compromise or steal the second factor then no MFA scheme is entirely secure. It's about risk reduction and risk appetite and that's context dependent.