Better security brings better business efficiency and leads to a healthy IT security posture. With greater regulatory compliance framework on the rise, enterprises must view IAM more seemingly, than ever before. IAM brings with its tools like SSO, MFA to access many applications, in a more secure manner.
The first line of secure access to applications comes with SSO tools, and most organizations do have it. The next line of defence is multi-factor authentication (MFA), which supports an OTP backed, with password authentication.
In what seems a very contrary view to what MFA has to offer, US federal agency FBI believes that MFA is still not that secure, it is vulnerable to security breaches. FBI stated that circumventing MFA through social engineering, and technical attacks are still hackable by cyber attackers. A classic misuse case was the MFA bypass that took place in a US banking institution. Further, the FBI is of the view that MFA solutions differ from each vendor, and the use of such defences does not mitigate the need for user training. The note from the FBI is just a precaution, rather defeat the efficiency of MFA.
It is critical, that in the security space, a greater vigil is always better. With the greater dependency on MFA as the secondary form of verification, it is more likely that it might be exposed to greater attacks in the coming days. Perhaps, in this view, the FBI strongly recommends that enterprises use biometrics or behavioural information to mitigate these attacks.