Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
rslade
Influencer II
‎10-09-2019 02:30 PM
‎10-09-2019 02:30 PM

FBI warns of MFA

The FBI has sent out a warning that the bad guys are attacking multi-factor authentication (MFA).

 

In reality, when you read the details of the attacks, it boils down to SIM swapping and some other implementation attacks, most of them fairly rare.  As usual, the price of security is eternal vigilance, and when you try to take the easy route, you usually become a target ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Reply
0 Kudos
2 Replies
denbesten
Community Champion
‎10-09-2019 04:24 PM
‎10-09-2019 04:24 PM

Here is an interesting comparison of various authenticators.  The biggest takeaway is "You should definitely turn on MFA now  – and anything is >99.9% better than nothing."

 

 

Reply
Steve-Wilme
Advocate II
‎10-10-2019 06:51 AM
‎10-10-2019 06:51 AM

SMS OTP used to be classed in the UK public sector as a non accreditable form of 2FA, but if you take the stance of it being more secure than username/password, then it's obviously worth implementing.  If we're going to assume that an attack can compromise or steal the second factor then no MFA scheme is entirely secure.  It's about risk reduction and risk appetite and that's context dependent.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Reply
0 Kudos