rslade
Influencer II

FBI warns of MFA

The FBI has sent out a warning that the bad guys are attacking multi-factor authentication (MFA).

 

In reality, when you read the details of the attacks, it boils down to SIM swapping and some other implementation attacks, most of them fairly rare.  As usual, the price of security is eternal vigilance, and when you try to take the easy route, you usually become a target ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
2 Replies
denbesten
Community Champion

Here is an interesting comparison of various authenticators.  The biggest takeaway is "You should definitely turn on MFA now – and anything is >99.9% better than nothing."

 

 

Steve-Wilme
Advocate II

SMS OTP used to be classed in the UK public sector as a non-accreditable form of 2FA, but if you take the stance of it being more secure than username/password, then it's obviously worth implementing.  If we're going to assume that an attack can compromise or steal the second factor, then no MFA scheme is entirely secure.  It's about risk reduction and risk appetite, and that's context dependent.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS