FIDO Alliance Blog Banners CISA

Andrew Shikiar, FIDO Alliance Executive Director & CMO 

The US Cybersecurity and Infrastructure Security Agency (CISA),  issued an advisory Thursday recommending cyber attack remedies for election-related activities  including the use of FIDO authentication to thwart phishing  attempts and account takeover. 

The advisory, entitled ACTIONS TO COUNTER EMAIL-BASED ATTACKS ON ELECTION RELATED ENTITIES noted that 78 percent of cyber-espionage incidents are enabled by phishing. CISA makes specific recommendations on protecting against cyber attacks to aid organizations involved in election-related activities.

Among other recommendations, FIDO Authentication was highlighted to thwart phishing attempts and protect against account takeover for cloud email and other high-value services. Specifically, CISA cites FIDO2 Security Keys as a tool that campaigns and organizations can, and should, use to protect themselves. The advisory also recommends that, when available, campaigns and organizations should enroll users in advanced protection services such as Google Advanced Protection, which leverages FIDO Security Keys as a best practice over other 2FA methodologies to protect workforces from account takeovers related to malicious attacks.

FIDO security keys offer protection against phishing attacks by working as a second, physical factor of authentication and only authenticating when a user is on the correct website. Thus, even if a user is tricked into supplying their password to a phishing website, the physical security key will still block attackers from accessing their account. 

Phishing continues to be a problem and remains one of the most popular means by which cybercriminals obtain data. Embracing FIDO technology is smart politics, and smart policy for those who understand the gravity of the cyber threat. As the election draws near, we’re increasingly seeing foreign agents attempting to infiltrate, influence and disrupt our elections.

As the CISA advisory implies, phishing and other cyber attacks are a critical issue with widespread and damaging implications to U.S. national security. The CISA advisory highlights the importance of locking down email systems, which have become a preferred vector for malicious activity. The CISA recommendations are intended as a preferred method for protecting the 2020 and future political campaigns. 


More

FIDO Alliance Launches New Digital Credentials Initiative to Accelerate and Secure an Interoperable Digital Identity Ecosystem

New Digital Credentials Working Group to work with global FIDO Alliance members and industry partners…

Read More →

Enhancing Compliance and User Experience with Major Updates to the FIDO Metadata Service

We’re excited to announce updates to the FIDO Metadata Service (MDS), which helps ensure organizations…

Read More →

Recap of the FIDO Alliance Korea Working Group Workshop

Strengthening Korea’s Passkey Ecosystem Through Technical Collaboration and Regulatory Clarity The FIDO Alliance Korea Working…

Read More →


Subscribe to the FIDO newsletter

Stay Connected, Stay Engaged

Receive the latest news, events, research and implementation guidance from the FIDO Alliance. Learn about digital identity and fast, phishing-resistant authentication with passkeys.