US Cyber Agency Issues Urgent Guidance for Secure Communications

The US Federal Cybersecurity Agency (CISA) has issued new guidelines for secure communication in light of recent revelations about Salt Typhoon’s infiltration of US networks. The guidance emphasizes the use of end-to-end encrypted messaging apps, such as Signal, and hardware-based authentication methods such as phishing-resistant FIDO authentication.

CISA advises against using SMS as a second factor for authentication because SMS messages are not encrypted, which makes them vulnerable to interception by threat actors. Instead, officials are advised to adopt alternative forms of two-factor authentication (2FA/MFA), such as authenticator apps or hardware-based security keys.

The agency also provides recommendations for securing mobile devices and networks, including:

* Updating operating systems regularly
* Practicing secure browsing habits on Android devices
* Choosing secure OEMs/models with long-term security updates
* Using password management features, such as Apple’s new Passwords app

These guidelines aim to protect US officials from cyber threats and address the weaknesses in current communication methods. As the tech industry continues to evolve, it is essential for individuals to stay informed and adopt best practices for secure online interactions.

Source: https://www.forbes.com/sites/zakdoffman/2024/12/18/feds-warn-android-and-iphone-users-stop-using-sms-for-2fa