In the News: Lauren Godfrey and Sydney Hardy Break Down New NYDFS MFA Rules and Compliance Challenges in Cyber Defense Magazine

Media Mention
Cyber Defense Magazine

Constangy cybersecurity and data privacy attorneys Lauren Godfrey and Sydney A. Hardy authored an article for Cyber Defense Magazine examining the New York State Department of Financial Services' (NYDFS) enhanced multi-factor authentication (MFA) requirements under Section 500.12 of the Amended Cybersecurity Regulation. The covered entities required to abide by the enhanced MFA requirements include businesses or other entities licensed or authorized to operate under banking, insurance or financial services law.

Godfrey and Hardy explained that MFA requires at least two distinct verification factors, such as a PIN paired with a mobile authenticator or a physical key paired with a fingerprint, and caution that auto-fill features and software-stored certificates do not qualify as valid possession factors. The article also addresses compliance challenges around push-based MFA fatigue, single sign-on (SSO) systems, cloud-based email and document hosting platforms and external-facing systems. Notably, SSO alone does not satisfy MFA requirements and cloud platforms that store or transmit nonpublic information must incorporate MFA or a written, annually reviewed CISO-approved equivalent control. 

"MFA can significantly reduce, although not eliminate, the risk of access to a network from an unauthorized actor," said Godfrey and Hardy. "Entities covered by New York's enhanced MFA requirements should review the new FAQs in their entirety and ensure that their systems are compliant." 

To view the full article, subscribers may click here.

Subscribe for Updates
Jump to Page

Constangy, Brooks, Smith & Prophete, LLP Cookie Preference Center

Your Privacy

When using this website, Constangy and certain third parties may collect and use cookies or similar technologies to enhance your experience. These technologies may collect information about your device, activity on our website, and preferences. Some cookies are essential to site functionality, while others help us analyze performance and usage trends to improve our content and features.

Please note that if you return to this website from a different browser or device, you may need to reselect your cookie preferences.

For more information about our privacy practices, including your rights and choices, please see our Privacy Policy. 

Strictly Necessary Cookies

Always Active

Strictly Necessary Cookies are essential for the website to function, and cannot be turned off. We use this type of cookie for purposes such as security, network management, and accessibility. You can set your browser to block or alert you about these cookies, but if you do so, some parts of the site will not work. 

Functionality Cookies

Always Active

Functionality Cookies are used to enhance the functionality and personalization of this website. These cookies support features like embedded content (such as video or audio), keyword search highlighting, and remembering your preferences across pages—for example, your cookie choices or form inputs during submission.

Some of these cookies are managed by third-party service providers whose features are embedded on our site. These cookies do not store personal information and are necessary for certain site features to work properly.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek
scullery23