Replies to post #167554 on Zerify Inc (ZRFY)

[splithappens]

There is a difference between MFA and MFA OOB.

MFA is in band and not very secure.

MFA OOB needs another device to authenticate using MF (facial, retina, voice, finger, etc). This is SFOR's three patents.

I also believe there are some on this board who still don't realize the difference. OOB is very powerful many ways as described in the patents.

It seems that some who write about MFA are confusing or at least not explaining it properly also.

Thanks for the post.

IMO

GLTA

[splithappens]

FYI, the post wasn't directed at you.

Your post was just a trigger for what hat to be posted.

Thanks again.

[ZPaul]

@4sleddogs with NIST SP 800-171, it is very specifically stated now as to how Contractors should handle CDI on Smartphones and Tablets.This basically outlines three points for clarification.

1. Multifactor authentication is not required for access to the smartphone or tablet, regardless of whether CDI is stored on the device or the device is merely used to access systems with CDI.

2. When CDI is stored on the device, such information must be encrypted to segregate it from the other information on the device.

3. When the device is used to access information systems with CDI, the information system must be protected by multifactor authentication, which can be entered through the device.

For those who don't know, CDI stands for covered defense information. Also refer http://jmp.sh/WpPibks in case anyone missed.