State Department scores an F on 2FA security | Cyber Security


Five Senators have discovered that the State Department is breaking the law by not using multi-factor authentication (MFA or 2FA) in its emails. They’ve sent a letter to Secretary of State Mike Pompeo, and they want answers.

The letter, from Senators Ron Wyden, Cory Gardner, Edward Markey, Rand Paul and Jeanne Shaheen, referenced reports from federal auditors that the Department of State was failing to meet basic federal cybersecurity standards.

The General Services Administration (GSA), which is the US department dealing with government procurement, property management and information delivery, analysed federal cybersecurity this year, the letter stated.

The GSA’s report found that the Department of State had deployed “enhanced access controls” across just 11% of required agency devices.

MFA or 2FA requires users to enter a second piece of information along with their password. This is linked to a physical asset that only they hold, thwarting imposters trying to steal their accounts remotely. That second piece of information could be biometric, such as your fingerprint; a hardware key, such as Google’s recently-announced dongle; or a code delivered to a mobile phone.

Federal agencies in the Executive Branch are legally required to enable 2FA for any accounts with elevated privileges under the Federal Cybersecurity Enhancement Act, passed as part of an omnibus spending bill in December 2015.