As reported by CNBC, Easterly pointed to Apple as a “positive example of accountability and transparency” for security practices.
Easterly said that this “high adoption rate is a result of Apple making multi-factor authentication the default.” This shows that “Apple is taking ownership for the security outcomes of their users,” she continued.
Meanwhile, Easterly pointed out that just “one-quarter of Microsoft enterprise customers” are using multi-factor authenticator, while just 3% of Twitter users have the feature enabled.
“By providing radical transparency around MFA adoption, these organizations are helping shine a light on the necessity of security by default,” Easterly said, per her prepared remarks. “More should follow their lead— in fact, every organization should demand transparency regarding the practices and controls adopted by technology providers and then demand adoption of such practices as basic criteria for acceptability before procurement or use.”
As for the future and ways to encourage companies to broaden two-factor authentication use, Easterly said the United States needs legislation that would “prevent technology manufacturers from disclaiming liability by contract.”
The legislation should also establish “higher standards of care for software in specific critical infrastructure entities” and “drive the development of a safe harbor framework to shield from liability companies that securely develop and maintain their software products and services.”
