At least two presidential campaigns aren’t using two-factor authentication – By Andrew Eversden (Federal Times) / March 3 2020
At least two presidential campaigns are not using two-factor authentication, according to Maine Sen. Angus King, because the campaigns consider the technology too unwieldy.
“I’ve heard in the last 24 hours that two presidential campaigns were approached and they said ‘two-factor authentication is just too cumbersome and so we’re not going to do it,’” King said at a Cyberspace Solarium Commission event at the Centers for Strategic and International Studies March 3.
King did not name the campaigns.
Multi-factor authentication has become part of basic cyber hygiene. Organizations without that technology can be left vulnerable, a point was made especially clear after 2016 when John Podesta, the campaign chair for Democratic nominee Hillary Clinton’s campaign, had his email hacked in part because didn’t have two-factor authentication activated.
In May 2019, the Federal Election Commission issued an opinion allowing companies to provide free or discounted cybersecurity services for presidential campaigns, so long as its nonpartisan. Suzanne Spaulding, a member of the commission and senior adviser for Homeland Security at CSIS, said the organization will recommend “institutionalizing” that opinion as part of 75 cyber policy recommendation the group will issue March 11.
Continue to article: https://www.fifthdomain.com/critical-infrastructure/2020/03/04/at-least-two-presidential-campaigns-arent-using-two-factor-authentication/