Nevada to spend $2 million on multi-factor authentication

Nevada lawmakers last week approved a $2 million upgrade to the state’s cybersecurity that will install multi-factor authentication on the state’s existing IT systems.

The state will implement the practice — which requires users to enter both a password and at least one additional form of authentication, often a code received by email or text — across all agencies via a roughly $1 million-per-year contract with Microsoft Azure, the company’s cloud computing arm.

The project is necessary, officials said, because Nevada’s enterprise IT agency last year processed 65 tickets for compromised accounts and estimated that more than 80% of those tickets were because of weak or stolen passwords.

State technology officials told StateScoop last year that multi-factor authentication was a key security element in enabling remote work during the pandemic, when cloud-based services became indispensable to state agencies with closed office buildings. Also, the Center for Internet Security, a nonprofit that sets best practices for cybersecurity, has said it plans to add multi-factor authentication to its standards starting next year.

“Multi-factor authentication adds a critical statewide layer in the ‘security onion,’ dramatically reducing the likelihood that any of our 18,000 accounts could be used by an attacker,” Stephanie Klapstein, a Nevada Department of Administration spokeswoman, told The Nevada Independent. “It is also an important component of keeping the state compliant with federal security requirements.”

Klapstein also said that phishing emails were the primary cause of those compromised accounts, adding that none of the compromises resulted in leaked data.