Sen. Ron Wyden, D-Ore., has called on the office of the Senate’s sergeant at arms to initiate additional steps to advance the adoption of phishing-resistant multifactor authentication in the upper chamber in line with the Office of Management and Budget’s policy and industry best practices.
In a letter to Senate Sergeant at Arms Karen Gibson dated March 3, Wyden suggested offering FIDO tokens at no cost to Senate offices and employees.
The lawmaker noted that FIDO tokens are industry standard for phishing-resistant MFA and are widely recommended by government and industry cybersecurity experts.
“Thousands of Senate employees who currently use less-secure forms of MFA must be re-issued new, phishing-resistant FIDO tokens and the Senate must stop supporting methods of MFA that are vulnerable to phishing,” the senator wrote in the Friday letter.
Wyden also implored Gibson to require the use of such tokens not only for remote workers accessing the upper chamber’s virtual private network but also for those who are logging into Senate-issued laptops and desktop computers.
