H-ISAC TLP White Announcement: Multi-Factor February Awareness

On February 1, 2022, many organizations and popular software suites will be shifting from optional Multi-Factor Authentication (MFA) to enforcing MFA for all users. This enforcement will occur regardless of administrative permissions or exceptions previously enabled. 

Several providers will no longer permit users to access their services and resources without Multi-Factor Authentication (MFA) enforced, including:

• Okta
• Salesforce
• Tableau

Organizations should develop a communications plan to inform users of the expected change. While most environments have MFA  enabled, by default, some organizations may only have this setting enabled as optional. 

Health-ISAC would like to bring awareness to this change to ensure teams are not disrupted by the enforcement of MFA on February 1, 2022.

Health-ISAC would like to bring awareness to the value of MFA and encourage discussions around enforcement during the month of February.

Is there sensitive data that you can access using basic authentication? Are you certain MFA is an option and that it is not enabled where it could be enabled?

February is the month to bring awareness to your desire to enforce MFA to ensure the resilience of your environment.