Experts Issue Guidance on Remediating Multifactor Authentication Security Issues

A panel of the cross-sector working group Enduring Security Framework has published a report detailing ways multifactor authentication and single sign-on technology vendors can address challenges in their offerings.

The report’s authors observed that increased multi-computer use has led to the emergence of potential access management and identity verification exploits, the National Security Agency said Wednesday.

According to the agency, digital identity theft through phishing is a leading cause of security breaches. Phishing attacks can also bypass basic MFA forms such as through the interception of one-time codes.

NSA said the report explores topics such as ambiguous MFA terminology, a reliance on self-enrollment by the user, tradeoffs between SSO functionality and complexity and updates to identity ecosystem standards.

The ESF is a public-private working group comprising experts from the government, information technology and defense sectors. Led by NSA and the Cybersecurity and Infrastructure Security Agency, it is tasked with delivering cybersecurity guidance on critical infrastructure threats.

MFA requires users to submit at least two types of credentials before gaining access to an account.