Understanding the FBI's Private Industry Notification on Multi-Factor Authentication

Guest Post by Paul Kenny, Chief Technical Architect, EMEA/APAC

Heeding the FBI is wise, but misreading the Bureau can be disastrous. And never has this been truer than in the context of the FBI’s recent Private Industry Notification on Multi-Factor Authentication (MFA).

A cursory look at this notification (or worse, a glance at some of the newspaper headlines it’s been generating) might well lead you to believe—quite mistakenly—that MFA is a vulnerable and unreliable security framework.

In truth, the FBI is saying nearly the exact opposite—that MFA is a necessary and wildly effective means of preventing upwards of 99.9% of all cyberattacks, but that not all MFA is created equal, and that the very best security framework is an "advanced" MFA implementation that utilizes the strongest authentication factors such as physiological and behavioral biometrics.

In fact, when the FBI reports having “observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks,” it is referencing the very attacks that an advanced, biometric-based MFA platform (like IdentityX) is designed specifically to prevent.

To help illustrate this point, let’s quickly walk through the attack types listed in the FBI’s notification to see how IdentityX protects against them:
