The Cybersecurity and Infrastructure Security Agency has urged organizations to adopt phishing-resistant multi-factor authentication and number matching in their MFA apps to better avert various cybersecurity threats, SecurityWeek reports.
Implementing phishing-resistant MFA, such as public key infrastructure-based authentication or FIDO/WebAuthn, is crucial because other MFA forms could be bypassed not only by phishing attacks but also by push bombing and SIM swapping intrusions, according to CISA.
"While any form of MFA is better than no MFA and will reduce an organization's attack surface, phishing-resistant MFA is the gold standard and organizations should make migrating to it a high priority effort," said CISA.
CISA has also emphasized the use of number matching to curb MFA fatigue or confusion stemming from various prompts.
"Cyber threat actors who have obtained a user's password know they can enter it into an identity platform that uses mobile push-notification-based MFA to generate hundreds of prompts on the user's device over a short period of time," CISA added.