Following up on an announcement issued at the start of last month, the U.S. Department of Housing and Urban Development (HUD) formally announced on Monday that it’s beginning to implement anti-phishing multifactor authentication (MFA) into the Federal Housing Administration Catalyst (FHAC) platform and making it available to all users.
Users have until July 28 to implement MFA for their own FHAC accounts.
FHAC provides approved lenders and business partners with secure online access to computer systems at HUD. Accounts with MFA are generally far more difficult to compromise than those operating with only one authentication factor, and phishing scams are also commonplace in the modern digital ecosystem.
“[Phishing] can take many forms, like emails, text messages, phone calls and social media posts,” HUD noted in the announcement. “These messages often contain links to bogus websites but are instead designed to steal your personal and/or business information.”
The shift will also assist HUD and FHA in prioritizing “secure lender, borrower, and stakeholder data while advancing identity management and access control capabilities,” the agency said. It will also reduce instances of shared credentials that can compromise security.
“The phishing-resistant MFA is available now to all FHAC users and becomes mandatory beginning July 28, 2025,” the agency said. “It is recommended that users set up and begin using this enhanced security feature as soon as possible. Users who do not implement this new security feature by July 28th will not be able to access FHAC.”
The requirement, however, does not impact users who connect to FHAC using its business-to-government interface, FHA clarified. Two options for establishing MFA are offered in FHA’s instructions for setup, but the use of the Okta FastPass product is listed as “recommended.”
Anyone with questions about the implementation of MFA in their own work is encouraged to contact the FHA Resource Center for assistance via phone or email.
Comments