Multi-factor authentication (MFA) gets touted as a significant security improvement over traditional “username + password” authentication. However, not all MFA processes are created equal. As the opportunities narrow for cybercriminals to pick off the low-hanging fruit of password-only systems, they’ve turned their focus to weak MFA.

A growing number of organizations have suffered security breaches despite having MFA in place, thanks to expanding digital systems, more advanced phishing tools, and the continued allowance of passwords as an authentication factor. The past year, which saw Microsoft, Uber and Cisco breached by MFA “prompt bombing,” demonstrates that organizations can’t just deploy any type of MFA and presume they’re safe from breaches.

For these reasons, the federal Office of Management and Budget (OMB) and the Cyber and Infrastructure Security Agency (CISA) have emphasized the need for phishing-resistant MFA, specifically passwordless MFA built around FIDO standards. We’ve examined FIDO standards and what they mean for authentication before, but in this post, we look at one of the most critical elements of the process: FIDO Certified authenticators.


More

MobileIDWorld: Google Chrome Enhances Security with Mandatory Biometric Authentication for Password Autofill

Google has implemented significant enhancements to biometric authentication and security features in Chrome and Google…

Read More →

9to5Mac: Apple @ Work: Passkey portability is finally here in iOS 26 and macOS Tahoe 26

With iOS 26 and macOS Tahoe 26, Apple is solving a key problem, though For…

Read More →

Reddit Implements Mandatory ID Verification for UK Users Under Online Safety Act

Reddit has implemented mandatory age verification for UK users to comply with the country’s Online…

Read More →


123283 Next