Expert comment on release of supply chain guidance by NCSC
May 2022 by Jasson Casey, CTO at Beyond Identity
Following the NCSC’s release of supply chain guidance, Jasson Casey, CTO at Beyond Identity offers insight into the risk associated with some MFA solutions:
“Suggesting that MSP’S should rely on MFA as a security step is reckless, because not all MFA is created equal. The industry needs to recognise that some MFAs are extremely weak and fundamentally flawed - most password or legacy 2FA systems can be bypassed using off-the-shelf phishing and MITM exploits so this additional ‘security’ layer isn’t that effective at all. Also, these solutions don’t allow for any device posture information, so there’s no risk policy or continuous authentication happening.
What the industry needs is stronger, more robust alternatives to legacy MFA solutions, which we have now. The technology exists today to move beyond legacy MFA solutions as an authentication technique and this is in the form of invisible, unphishable MFA solutions”.