MFA provides us with extra security by confirming our identities when logging in to our accounts, like entering a code texted to a phone or one generated by an authenticator app. MFA increases security-it can make us significantly safer online. Even if our passwords become compromised, unauthorized users will be unable to meet the second step requirement and will not be able to access our accounts. Implement Phishing Resistant MFA Phishing-resistant MFA is designed to prevent MFA bypass attacks in scenarios like the one above. Phishing resistant MFA can come in a few forms, like smartcards or FIDO security keys. Security keys are small external devices that either connect to your computer or phone through a port, a biometric or via Bluetooth to enable secure login to websites and applications. Since only the key owner has physical access to their device, phishing scams don't work, and even weak passwords have an extra layer of protection. See the attached Implementing Phishing-Resistant MFA fact sheet for implementation guidance. James Hale, ARM-P, ARM-E Risk Control Consultant County Risk Sharing Authority 209 East State Street Columbus, OH 43215 614.246.1630 FAX 614.220.0209 " The leader in providing Ohio Counties with exceptional value, service, and protection of assets." [cid:image001.png@01D9F534.55A34C10] CONFIDENTIALITY NOTICE: This e-mail message (including any attachments) is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy this message and all attachments.
