"CISA Releases Guidance on Phishing-Resistant and Numbers Matching Multifactor Authentication"
The US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) has issued two fact sheets highlighting threats to accounts and systems that use certain types of multifactor authentication (MFA). In order to protect against phishing and other known cyber threats, CISA strongly advises all organizations to implement phishing-resistant MFA. CISA recommends using number matching to mitigate MFA fatigue if an organization using mobile push-notification-based MFA cannot implement phishing-resistant MFA. While number matching is not as strong as phishing-resistant MFA, it is said to be an interim mitigation strategy for organizations that may not be able to implement phishing-resistant MFA right away. This article continues to discuss the "Implementing Phishing-Resistant MFA" and "Implementing Number Matching in MFA Applications" fact sheets released by CISA.