The U.S. Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA) recently released its updated multi-factor authentication (MFA) guide. In it, CISA also flagged FIDO as the gold standard for MFA.
FIDO Alliance, an open industry association that aims to develop and promote authentication standards, welcomes this development. The update is aligned with FIDO’s mission of reducing the world’s over-reliance on passwords. With this and the new Federal Zero Trust Strategy, the U.S. government is seen as sending a clear message that the use of FIDO standards is preferred.
Understanding MFA: What It Is
Authentication is one way of ensuring cybersecurity. It is the process of validating a person’s identity and credentials, ensuring that they are who they claim to be. To further strengthen security, multi-factor authentication was introduced. It is also known as two-factor authentication.
As the name suggests, it includes a combination of authentication methods. For instance, when a user wants to access their bank account online or through their bank’s mobile app, they will have to go through MFA, which uses knowledge, possession, or traits.
Having multiple steps makes it harder for hackers to crack, steal, or compromise accounts.
CISA offers a detailed guide that runs from the planning phase to the execution phase. Organizations can use this to strengthen their authentication process.
Its latest update on the MFA guidance, however, emphasized ways of enabling MFA. Among the different forms of authentication that the agency enumerated are text message (SMS), email, authenticator app, and push notification.
Additionally, CISA mentioned the use of the FIDO key.
Fast Identity Online (FIDO) refers to a set of standardized authentication protocols that can help ensure cybersecurity while reducing reliance on passwords. It is built into the major browsers and phones. Meanwhile, the FIDO key refers to a portable security key. It is a hardware device used as an additional authentication method as part of MFA. You can think of it as an encrypted version of your house key.
Using these security measures can help make it more difficult for attackers to access information. This is especially needed nowadays, as passwords and usernames are often compromised by various attacks such as phishing and more sophisticated password-cracking techniques.
Furthermore, CISA recommended using multi-factor authentication on email accounts, financial services, social media accounts, online stores, and even on gaming and entertainment streaming services. The agency also encouraged consumers to ask companies and organizations to enable MFA for better security.