USDA Pioneers Phishing-Resistant MFA with Fast IDentity Online (FIDO)


The Cybersecurity and Infrastructure Security Agency (CISA) has published an insightful report detailing the U.S. Department of Agriculture’s (USDA) successful implementation of phishing-resistant multi-factor authentication (MFA) using Fast IDentity Online (FIDO) technology.

This success story highlights how the USDA overcame unique challenges to achieve robust cybersecurity for its diverse workforce of over 130,000 employees, including seasonal workers and those in specialized environments that preclude the use of standard personal identity verification (PIV) cards.

“These circumstances pushed USDA to develop a technical solution that provides the same protections as a PIV but withstands decontamination,” the report states.

The USDA turned to FIDO, a set of authentication protocols that employ cryptographic keys on user devices to provide secure, phishing-resistant authentication without relying on vulnerable passwords.
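The following is an added example, not taken from the CISA report or USDA's deployment. It sketches the relying-party checks that tie a FIDO2/WebAuthn assertion to the site that requested it, which is what makes a response captured on a lookalike site useless at the real one. The host names, the challenge and the `sample_assertion` helper are constructed for illustration, and signature verification with the registered public key is assumed to follow these checks.

```python
import base64
import hashlib
import hmac
import json

# Constructed relying-party values (assumptions, not from the CISA report).
RP_ID = "login.agency.example"
EXPECTED_ORIGIN = "https://login.agency.example"

def b64url(data: bytes) -> str:
    """base64url without padding, as WebAuthn encodes the challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def binding_failures(client_data_json: bytes, authenticator_data: bytes,
                     issued_challenge: bytes) -> list:
    """Return the names of failed binding checks; an empty list means pass.

    Signature verification with the registered public key must still follow.
    """
    failures = []
    client = json.loads(client_data_json)
    if client.get("type") != "webauthn.get":
        failures.append("type")
    got = str(client.get("challenge", "")).encode()
    if not hmac.compare_digest(got, b64url(issued_challenge).encode()):
        failures.append("challenge")
    # The browser, not the page, writes the origin it is actually on.
    if client.get("origin") != EXPECTED_ORIGIN:
        failures.append("origin")
    # Layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes)
    if len(authenticator_data) < 37:
        return failures + ["authenticator_data"]
    rp_hash = hashlib.sha256(RP_ID.encode()).digest()
    if not hmac.compare_digest(authenticator_data[:32], rp_hash):
        failures.append("rp_id_hash")
    if not authenticator_data[32] & 0x01:  # UP: user-present flag
        failures.append("user_present")
    return failures

def sample_assertion(origin: str, rp_id: str, challenge: bytes):
    """Constructed stand-in for what a browser and authenticator emit."""
    client = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                         "origin": origin}).encode()
    auth = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (7).to_bytes(4, "big")
    return client, auth

CHALLENGE = b"\x00" * 32  # constructed; a real server issues fresh random bytes
GENUINE = sample_assertion(EXPECTED_ORIGIN, RP_ID, CHALLENGE)
LOOKALIKE = sample_assertion("https://login.agency.example.test",
                             "login.agency.example.test", CHALLENGE)
```

Because the origin and RP ID hash are covered by the authenticator's signature, a server that enforces these checks rejects the lookalike sample even when the challenge matches.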

Key takeaways from the USDA’s FIDO implementation include:

  • Enhanced Security: FIDO effectively counters credential phishing threats, a critical concern for organizations of all sizes.
  • Flexibility: FIDO accommodates various use cases, including those where PIV cards or other certificate-based authentication methods are not feasible.
  • Centralized Management: The USDA’s centralized technology architecture facilitated the seamless integration of FIDO with existing systems.
  • Incremental Approach: A phased rollout allowed for continuous improvement and minimized disruption.

CISA emphasizes the importance of organizations moving away from password-based authentication and adopting secure MFA technologies like FIDO.

“Authentication technologies that do not involve FIDO or public key infrastructure (PKI)… will only continue to put organizations at risk by allowing malicious cyber actors initial access to their networks via credential phishing attacks,” CISA warns.

The USDA’s successful FIDO implementation serves as a valuable model for other organizations seeking to bolster their cybersecurity posture and protect against evolving cyber threats.
