Increasingly prevalent interception of multi-factor authentication keys by threat actors has prompted the UK's National Cyber Security Centre to release updated guidelines on implementing such an authentication method, reports SC Media.
Organizations should not only ensure the selection of an MFA solution that suits their needs and requirements but also provide proper training to those who will use the solution, according to the NCSC.
"The new guidance explains the benefits that come with strong authentication, while also minimising the friction that some users associate with MFA. Part of this involves only prompting for authentication or MFA when it makes a difference. Most organizations will have people in different roles, different ways of working, all using different types of devices. So we include options to help things work better for everyone," said the NCSC.
Implementing MFA and other identity management tools has been noted to be crucial amid mounting ransomware and phishing attack threats.