CISA recommends FIDO authentication in email security advisory to political campaigns
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an advisory on Thursday recommending multi-factor authentication (MFA) as a cyber-attack remedy for election-related activities.
The recommendations in the “Actions to Counter Email-based Attacks On Election Related Entities” advisory mention a number of anti-phishing measures, including the use of FIDO authentication.
Within the advisory, CISA highlights that 78 percent of all cyber-espionage attacks are enabled by successful phishing attempts, and calls for companies to step up their security measures.
The report mentions FIDO2 physical security keys and authentication apps as MFA technologies that can be used to protect against account takeover for cloud email and other high-value services, though biometrics are not specifically alluded to.
In the new document, CISA openly encourages the use of the above tools over 2FA methodologies, which are considered inherently more vulnerable and easier to bypass.
The news of the report comes after the FIDO Alliance voiced its concerns to NIST earlier this week about the need to improve phishing-resistant digital ID authentication measures.
The CISA advisory also recommends that users enroll their accounts in advanced protection services such as the ones offered by Google and Microsoft.
Password managers are also mentioned in the report as tools that increase security and improve password hygiene.