FORT MEADE, Md. –
The National Security Agency has released a Cybersecurity Information Sheet Selecting and Safely Using Multifactor Authentication Solutions, which reviews commonly-used multi-factor authentication (MFA) mechanisms against National Institute of Science and Technology standards.
This can help National Security System, Department of Defense, and Defense Industrial Base end-users make more informed decisions about which multi-factor solutions best meet their needs. This guidance is not intended to serve as a recommendation for any service, but rather as a tool to help NSA’s customers more securely select and use MFA capabilities. Although this guidance has been provided for government stakeholders, it may be useful to broader audiences.
Of note, no authentication measure can defend against a compromised device, so it’s important to ensure the device is secure. For maximum security, always use multifactor authentication solutions with government furnished equipment or use a temporary secure operating system. When neither of these are feasible, create a separate user account with low privileges for only work use.
For more details, view the cybersecurity product here.