cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Champion

FBI warns of MFA

The FBI has sent out a warning that the bad guys are attacking multi-factor authentication (MFA).

 

In reality, when you read the details of the attacks, it boils down to SIM swapping and some other implementation attacks, most of them fairly rare.  As usual, the price of security is eternal vigilance, and when you try to take the easy route, you usually become a target ...


............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
2 Replies
Highlighted
Community Champion

Re: FBI warns of MFA

Here is an interesting comparison of various authenticators.  The biggest takeaway is "You should definitely turn on MFA now  – and anything is >99.9% better than nothing."

 

 

Contributor III

Re: FBI warns of MFA

SMS OTP used to be classed in the UK public sector as a non accreditable form of 2FA, but if you take the stance of it being more secure than username/password, then it's obviously worth implementing.  If we're going to assume that an attack can compromise or steal the second factor then no MFA scheme is entirely secure.  It's about risk reduction and risk appetite and that's context dependent.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS