Sen. Ron Wyden, D-Ore., is calling on the U.S. Senate to improve its cybersecurity by using phishing-resistant multi-factor authentication (MFA).
In a March 3 letter, Sen. Wyden urged the Senate sergeant at arms to ensure that this industry-standard cybersecurity technology is widely used in the Senate. Specifically, he wants Senate offices to receive FIDO tokens free of charge to enable a secure login to any website or online service.
“Thousands of Senate employees who currently use less-secure forms of MFA must be re-issued new, phishing-resistant FIDO tokens and the Senate must stop supporting methods of MFA that are vulnerable to phishing,” the letter says.
The senator’s request is consistent with the Office of Management and Budget’s (OMB) January 2022 policy, which requires executive agencies to adopt phishing-resistant MFA. And while OMB’s mandate only applies to executive agencies, Sen. Wyden wants the Senate’s cybersecurity to align with the OMB policy and industry best practices.
He is also reiterating a request he made in 2017 that FIDO tokens be used to log in to Senate-issued and sergeant at arms-administered desktop and laptop computers, “not just for remote users accessing the Senate’s VPN.”
The FIDO Alliance – an open industry association – developed the FIDO standard, which is the only widely available form of phishing-resistant authentication. The authenticators can be physical tokens, but they can also incorporate other factors, such as biometrics or PIN codes.