A report led by the National Security Agency and the Cybersecurity and Infrastructure Security Agency suggested that multifactor authentication, or MFA, in organizations must have clearer definitions and security properties in order to protect enterprise systems.
The public-private technical report highlights key challenges and corresponding actions for developers and vendors of MFA and single sign-on, or SSO technologies, NSA said Wednesday.
The study, which was developed through the cross-sector group Enduring Security Framework, tied the increasing multiple use of computers in organizations to identity verification and access management vulnerabilities. Furthermore, lower levels of MFA have become susceptible to phishing attacks and other malicious activity.
The experts urged developers to create secure-by-default SSO and MFA tools for organizations. Identity standards and terminology must also be refined when it comes to enterprise IT systems, they recommended.
