WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) is announcing a collaborative effort with industry to dramatically increase adoption of multi-factor authentication (MFA) and ensure widespread understanding of why it is one of the strongest tools to prevent cyber intrusions. Launching at the 2022 RSA Conference, CISA is embarking on a campaign to encourage widespread awareness and understanding of the benefits of MFA, to ensure that every American knows the simple steps they can take to keep themselves safe online, and to urge technology companies to make MFA available as a default option. CISA’s More Than a Password campaign includes a newly launched webpage with resources, how-to guides, and social media content throughout the month of June.
Adversaries are increasingly harvesting credentials through phishing emails or by identifying passwords reused from other systems. MFA increases security because even if one credential is compromised, unauthorized users will be challenged to meet the second authentication requirement, largely thwarting their ability to access the targeted device, network, or database.
“Whether you call it multi-factor or two-factor authentication, this simple step can make you 99% less likely to get hacked. Think of it like an airbag or the seatbelt in your car—an extra layer to keep you safe in the event of an accident,” said CISA Director Jen Easterly. “We need to get the word out that to stay safe online, every American needs to have More Than a Password on all their sensitive accounts. And if you have an account that doesn’t offer an option for MFA, urge your provider to begin offering this essential security feature.”
There are many ways you may be asked to provide a second form of authentication:
- Text Message or Email: When you login to an account, you’ll be asked to provide a code sent to you by text message or email.
- Authenticator App: An authenticator app is an app that generates MFA login codes on your phone.
- Push Notification: Instead of using a numeric code, the service “pushes” a request to your phone to ask if it should let you in.
- FIDO Key: FIDO stands for "Fast Identity Online" and is considered the gold standard of multi-factor authentication.
Two steps are harder for a hacker to compromise. Users should implement MFA on all their sensitive accounts—email, bank accounts, social media, online stores, gaming and streaming entertainment services. In addition to protecting consumers, MFA makes it more difficult for a threat actor to gain access to an organization’s information systems. It can better protect remote access technology, email, and billing systems, even if passwords are compromised through phishing attacks or other means. On its new webpage, CISA also provides a guide for organizations that need help getting started with deploying MFA to employees and customers.
Finally, CISA is asking our industry partners to help spread the word by ensuring that MFA is available for all services and enabled by default where possible. We’re also asking partners to share the value of MFA to customers and employees, and champion MFA on communication and social media channels. Whether you sing it, shout it, or post it this June, CISA is asking everyone to take the extra step and implement #MoreThanAPassword!
For more information, visit: http://www.cisa.gov/MoreThanAPassword
As the nation’s cyber defense agency, the Cybersecurity and Infrastructure Security Agency (CISA) leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day. Visit CISA.gov for more information.