US government plays catchup on phishing-resistant MFA

…The collective push and looming deadline to broaden phishing-resistant MFA adoption underscores the government’s need to play catch up as it reviews newer commercially available versions of the technology.

“The push for MFA within the federal government is not new. However, the adoption and use of MFA by public-sector entities has lagged behind private sector counterparts,” Brandon Pugh, director of cybersecurity and emerging threats at the R Street Institute, said via email.

“MFA is not a full cybersecurity solution, but it is an important and effective element of it. The federal government should learn about and consider best practices and solutions already available in industry spaces,” Pugh said…