Page 36 - FCW, August 2017
P. 36
FIGURING OUT
MULTIFACTOR
AUTHENTICATION
Now that NIST has restricted the use of Short Message Service, what are the authentication options for federal agencies?
BY DEREK HANDOVA
With the release of President Donald Trump’s executive order on strengthening the cybersecurity of federal networks in May, the government now begins the torturous task of bringing its networks into compliance with the Framework for Improving Critical Infrastructure Cybersecurity developed by the National Institute of Standards and Technology. And although it was not named in the executive order, there is a renewed focus on NIST’s work with Short Message Service two- factor authentication (SMS 2FA), which began last year.
Back then, NIST proposed deprecat- ing SMS 2FA because of its vulnerabili- ties as an out-of-band factor in multi- factor authentication environments. “Deprecate” is typically used to mean that a technology will be made invalid or obsolete.
“SMS 2FA is widely used for MFA; it has been adopted and is known
30 August 2017
FCW.COM