FBI warns MFA is vulnerable, urges biometric, behavioral authentication methods integration
According to the FBI’s recent Private Industry Notice, companies should urgently integrate extra layers of biometric factors and behavior recognition checks to prevent hackers from easily bypassing multi-factor authentication security systems. The Cyber Task Force warns that bad actors have the methods to deceive token and phone-based systems through social engineering, SIM swapping, and account-takeover malware such as Muraena and NecroBrowser.
As a result, the FBI recommends not only training staff to detect social engineering schemes, but also immediately implementing multi-factor authentication that includes biometrics or behavioral authentication methods such as time of day, geolocation, or IP address.
BIO-key claims its biometric hardware and software authentication solutions can fend off attackers and help ensure system protection. The company says its authentication solutions work unrestrictedly with more than 30 fingerprint scanner models from different manufacturers.
“Biometrics should not be an afterthought in a comprehensive Identity Access Management (IAM) strategy,” said Mike DePasquale, BIO-key CEO. “It should be a core design factor in an IAM platform, for end-user authentication, provisioning and governance. BIO-key offers our customers a comprehensive set of biometric authentication options, both on-device and on-server, to meet the real needs of business users.”
The company’s biometric authentication solutions were recently chosen by more County Election Boards in Florida to enhance the identification and authentication process for staff members and volunteers managing the voting process for the 2019 regional elections and the 2020 presidential election.
In September, BIO-key introduced a Channel Alliance Partner (CAP) program for Managed Service Providers (MSPs), Security Integrators, and VARs that deliver integrated multi-factor biometric security solutions for their customers.
According to Forbes, the FBI’s recent warning is quite unexpected, as multi-factor authentication in the form of a token or code received as text on a phone has been one of the key defenses in cybersecurity and identity verification so far. Digital Barriers CEO and Founder and Forbes contributor Zak Doffman explains the shock comes from an incredibly low number of attacks targeting multi-factor authentication.
A Microsoft report he cites says “The rate of compromise of accounts using any type of MFA is less than 0.1% of the general population” because “less than 10% of users per month” secure their enterprise accounts with multi-factor authentication.