Global cybersecurity authorities call for stronger MFA protections

Besides the Netherlands, the other cybersecurity authorities are from the United States, the United Kingdom, Germany, the Czech Republic, Poland, Australia, Canada, Denmark, Estonia and France.

OneSpan explains that this "unprecedented joint call" is aimed at the weaknesses in the way many companies secure access to sensitive systems.

"Traditional MFA methods, such as SMS codes, one-time passwords and push notifications, are increasingly vulnerable to phishing and social engineering attacks," the fintech points out. "These methods are now considered high-risk and simply do not provide sufficient protection against increasingly sophisticated threats."

The international advisory body explicitly recommends FIDO2-based MFA, such as passkeys and hardware authenticators. OneSpan explains that these technologies authenticate users based on strong ownership factors and are much less susceptible to phishing.

This draws a clear line: traditional MFA methods are no longer adequate, and modern, phishing-resistant solutions are now the new standard.

"Organizations are advised to protect their internal systems, external access, DevOps environments and users with elevated privileges with these modern authentication solutions."

This global call, according to OneSpan, aligns with more stringent regulations, such as NIS2, DORA and GLBA, which all call for more powerful and modern authentication controls.

"The urgency is great," concludes OneSpan. "Cybercriminals are increasingly targeting IT service providers, infrastructure operators and organizations in critical supply chains. Organizations that currently rely on traditional passwords or outdated MFA solutions are arguably more at risk."