CISA released guidelines on phishing-resistant MFA and number matching in multifactor authentication

The US Cybersecurity and Infrastructure Security Agency (CISA) released two factsheets for organisations and users highlighting the threats to accounts and systems that use multifactor authentication (MFA). The first factsheet focuses on the implementation of phishing-resistant MFA, which is part of applying Zero Trust principles and aims to enhance the US government’s defenses against threat campaigns. It provides guidelines for organisations to counter cyberthreats that gain access to MFA credentials through phishing, push bombing (push fatigue), exploitation of SS7 protocol vulnerabilities, and SIM swaps. The second factsheet focuses on the implementation of number matching in MFA applications, which aims to prevent MFA fatigue by requiring access to the login screen to approve requests and by discouraging prompt spam.