CyberHoot recommends clients enable MFA for administrator logins.
CyberHoot supports three methods of accomplishing MFA.
#1 Authenticator Applications: Watch the short video below for a quick, 1-minute walkthrough on how to set up your authenticator app for secure access to CyberHoot. Any Authenticator app can be used including Google Authenticator and Microsoft Authenticator. There are others and they work the same way. This is the recommended and most secure form of MFA supported by CyberHoot.
#2 Email: If you take no action after registering as an Administrator, your Multi-Factor Authentication (MFA) code will be sent to you via email each time you log in with your email address and password. While this method is generally considered safe, it’s not as secure as using an Authenticator App—though it does offer greater security than SMS-based MFA. If email and authenticator apps aren’t viable options for you, SMS is available as a fallback.
#3 SMS: NIST has deprecated the use of SMS-based Multi-Factor Authentication (MFA) due to its lower security compared to other methods. Although CyberHoot can send you an authentication code via SMS if you enroll your mobile device, this approach should be avoided when possible. While it may seem convenient, SMS-based MFA is vulnerable to threats such as SIM swapping, number porting, and interception.
Now that you know which methods of MFA we support, let’s learn how to set this up.
Step #1: Log in for the first time. You will be emailed an MFA code to input. This is enabled by default for all new administrators.
Step #2: Click on your Name in the Top Right corner once authenticated the first time.
Step #3: Under your account settings, select the form of MFA you wish to use (SMS, Email, OR Authenticator App) and follow the enrollment process.
You’re done. The next time you login this preference will be followed.
Image Sources:
Kasaya Article on Multi-factor authentication
Additional Reading:
Five Reasons why SMS MFA is Insecure
Related Terms:
CyberHoot Cybrary Term: Two-Factor Authentication (2FA, aka MFA)
CyberHoot has many resources available to you. Below are links to all of our resources; please check them out and use them whenever you like:
Note: If you’d like to subscribe to our newsletter, visit any link above (besides infographics) and enter your email address on the right-hand side of the page, and click ‘Send Me Newsletters’.
Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.
A recent discovery by cybersecurity firm Oligo Security has unveiled a series of critical vulnerabilities in...
Read more
Welcome to CyberHoot's May Newsletter! This month, we're spotlighting key developments in the cyber threat...
Read more
A newly uncovered cyberattack campaign is exploiting Zoom’s Remote Control feature to infiltrate the systems...
Read moreGet sharper eyes on human risks, with the positive approach that beats traditional phish testing.
