FHA implements multifactor authentication for Catalyst to root out phishing scams
Recognizing
the
rising
prevalence
of
phishing
scams
—
where
a
bad
actor
will
seek
to
trick
a
target
into
revealing
sensitive
personal
or
financial
information
through
fake
websites,
emails
or
text
messages
—
the
Federal
Housing
Administration
(FHA)
has
announced
it
is
implementing
anti-phishing
multifactor
authentication
(MFA)
into
FHA
Catalyst
(FHAC).
FHAC
provides
FHA-approved
lenders
and
business
partners
with
secure
online
access
to
computer
systems
at
the
U.S.
Department
of
Housing
and
Urban
Development
(HUD).
Multifactor
authentication
is
a
type
of
cybersecurity
mechanism
for
online
accounts
and
services.
It
requires
an
initial
credential,
like
a
conventional
password,
but
also
requires
a
second,
individualized
factor
such
as
a
text
sent
to
the
user’s
mobile
phone,
or
a
specialized
authenticator
mobile
app
with
time-sensitive
codes.
Accounts
with
MFA
are
generally
far
more
difficult
to
compromise
than
those
operating
with
only
one
authentication
factor.
Phishing
scams
are
also
commonplace
in
the
modern
digital
ecosystem,
but
while
some
phishing
attempts
are
easy
to
spot
by
users
and
software
vendors
like
email
providers,
others
are
more
sophisticated.
“Phishing
scams
are
cybercrimes
which
are
intended
to
gain
access
to
online
accounts
or
install
malware
to
damage
or
steal
data
from
a
computer
or
network,”
FHA
said
in
its
informational
notice
sent
out
on
Thursday.
“It
can
take
many
forms,
like
emails,
text
messages,
phone
calls
and
social
media
posts.
These
messages
often
contain
links
to
bogus
websites
but
are
instead
designed
to
steal
your
personal
and/or
business
information.”
MFA
is
seen
as
a
key
tool
to
combat
such
attacks,
leading
to
its
greater
incorporation
into
FHAC,
the
agency
said.
“This
new
phishing-resistant
MFA
security
feature
is
part
of
FHA’s
ongoing
commitment
to
maintaining
secure
lender,
borrower,
and
stakeholder
data
while
advancing
identity
management
and
access
control
capabilities,”
the
notice
reads.
“This
enhancement
also
helps
ensure
that
login
credentials
are
not
shared
or
exposed
to
attacks.”
The
new
MFA
functionality
is
now
available
to
all
FHAC
users,
but
it
will
become
mandatory
on
July
28,
the
agency
explained.
It
recommends
users
set
up
MFA
on
their
accounts
as
quickly
as
possible.
“Users
who
do
not
implement
this
new
security
feature
by
July
28th
will
not
be
able
to
access
FHAC,”
the
notice
reads.
“This
requirement
does
not
impact
users
who
connect
to
FHAC
through
the
business-to-government
interface.”
Two
options
for
establishing
MFA
are
offered
in
FHA’s
instructions
for
setup,
but
the
use
of
the
Okta
FastPass
product
is
listed
as
“recommended.”
