CrowdStrike FalconID Brings Phishing-Resistant MFA BLOG Featured Now Live: The CrowdStrike 2026 Financial Services Threat Landscape Report May 14, 2026 Falcon AIDR Detects Threats at the Prompt Layer in Kubernetes AI Applications May 13, 2026 May 2026 Patch Tuesday: 30 Critical Vulnerabilities Among 130 CVEs May 12, 2026 Inside CrowdStrike Automated Leads: A Transformative Approach to Threat Detections May 11, 2026 Recent Video Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019 Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VIDEO] Feb 21, 2019 Analyzing Targeted Intrusions Through the ATT&CK Framework Lens [VIDEO] Jan 22, 2019 Qatar’s Commercial Bank Chooses CrowdStrike Falcon®: A Partnership Based on Trust [VIDEO] Aug 20, 2018 Category Agentic SOC How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem 03/25/26 CrowdStrike Services and Agentic MDR Put the Agentic SOC in Reach 03/24/26 4 Ways Businesses Use CrowdStrike Charlotte AI to Transform Security Operations 03/12/26 Inside the Human-AI Feedback Loop Powering CrowdStrike’s Agentic Security 02/10/26 Cloud & Application Security 05/13/26 CrowdStrike Named a Leader in Frost & Sullivan 2026 Radar for Cloud-Native Application Protection Platforms 04/27/26 CrowdStrike Expands Real-Time Cloud Detection and Response to Google Cloud 04/22/26 CrowdStrike Falcon Cloud Security Delivered 264% ROI Through Unified Cloud Protection Threat Hunting & Intel 05/14/26 CrowdStrike Named a Leader in the First-Ever Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies 05/06/26 CrowdStrike Launches Falcon OverWatch for Defender 05/05/26 Tune In: The Future of AI-Powered Vulnerability Discovery 05/01/26 Endpoint Security & XDR 05/11/26 CrowdStrike Falcon Platform Achieves 441% ROI in Three Years 04/21/26 Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management 04/01/26 Enhanced Network Visibility: A Dive into the Falcon macOS Sensor's New Capabilities 03/11/26 Engineering & Tech EMBER2024: Advancing the Training of Cybersecurity ML Models Against Evasive Malware 09/03/25 Falcon Platform Prevents COOKIE SPIDER’s SHAMOS Delivery on macOS 08/20/25 CrowdStrike’s Approach to Better Machine Learning Evaluation Using Strategic Data Splitting 08/11/25 CrowdStrike Researchers Develop Custom XGBoost Objective to Improve ML Model Release Stability 03/20/25 Executive Viewpoint Frontier AI Is Collapsing the Exploit Window.
Here’s How Defenders Must Respond. 04/20/26 Frontier AI for Defenders: CrowdStrike and OpenAI TAC 04/16/26 Anthropic Claude Mythos Preview: The More Capable AI Becomes, the More Security It Needs 04/06/26 The Architecture of Agentic Defense: Inside the Falcon Platform 01/16/26 From The Front Lines CrowdStrike Technical Risk Assessments Reveal Common Exposure Patterns 05/04/26 Introducing the CrowdStrike Shadow AI Visibility Service CrowdStrike Flex for Services Expands Access to Elite Security Expertise From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise 03/20/26 Next-Gen Identity Security Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse 03/31/26 CrowdStrike FalconID Brings Phishing-Resistant MFA to Falcon Next-Gen Identity Security 02/26/26 CrowdStrike Named a Customers’ Choice in 2026 Gartner® Peer Insights™ Voice of the Customer for User Authentication 02/12/26 CrowdStrike to Acquire Seraphic to Secure Work in Any Browser 01/13/26 Next-Gen SIEM & Log Management Falcon Next-Gen SIEM Supports Third-Party EDR Tools, Starting with Microsoft Defender 03/23/26 Falcon Next-Gen SIEM Simplifies Onboarding with Sensor-Native Log Collection 03/06/26 Exposing Insider Threats through Data Protection, Identity, and HR Context 02/18/26 How to Scale SOC Automation with Falcon Fusion SOAR 02/11/26 Public Sector CrowdStrike Innovates to Modernize National Security and Protect Critical Systems 03/18/26 Falcon Platform for Government Now Offers Falcon for XIoT to Secure Connected Assets CrowdStrike Achieves FedRAMP® High Authorization 03/19/25 NHS Matures Healthcare Cybersecurity with NCSC’s CAF Assurance Model 03/13/25 Exposure Management 05/12/26 April 2026 Patch Tuesday: Two Zero-Days and Eight Critical Vulnerabilities Among 164 CVEs 04/14/26 How CrowdStrike Is Accelerating Exposure Evaluation as Adversaries Gain Speed 04/05/26 March 2026 Patch Tuesday: Eight Critical Vulnerabilities and Two Publicly Disclosed Among 82 CVEs Patched 03/10/26 Securing AI CrowdStrike Expands ChatGPT Enterprise Integration with Enhanced Audit Logging and Activity Monitoring 04/28/26 New CrowdStrike Innovations Secure AI Agents and Govern Shadow AI Across Endpoints, SaaS, and Cloud Secure Homegrown AI Agents with CrowdStrike Falcon AIDR and NVIDIA NeMo Guardrails 03/19/26 Introducing "AI Unlocked: Decoding Prompt Injection," a New Interactive Challenge Data Security Falcon Data Security Secures Data Wherever It Lives and Moves Falcon Data Protection for Cloud Extends DSPM into Runtime 11/20/25 CrowdStrike Stops GenAI Data Leaks with Unified Data Protection 09/18/25 Q&A: How Mastronardi Produce Secures Innovation with CrowdStrike 02/14/25 Start Free Trial FalconID, now generally available, brings continuous risk-aware authorization to multifactor authentication.
February 26, 2026 Ryan Terry FalconID is now generally available, bringing phishing-resistant MFA to the CrowdStrike Falcon® platform and advancing CrowdStrike’s leadership in identity security. Adversaries continue to use legitimate identities to infiltrate and navigate organizations while evading defenses. As they adopt AI, the scale and impact of social engineering and credential abuse are growing.
AI-enhanced phishing, MFA fatigue, and session hijacking enable threat actors to bypass MFA. And adversaries are moving faster: The CrowdStrike 2026 Global Threat Report found the average eCrime breakout time has dropped to a record low of 29 minutes. Older tools weren’t built to withstand these attacks. Traditional IAM and standalone MFA were designed to validate identity only at login. They lack visibility into broader security context, including compromised devices, adversary activity, SaaS misconfigurations, privilege abuse, and mid-session risk posture changes.
These gaps are where modern identity attacks thrive. This is why we built CrowdStrike Falcon® Next-Gen Identity Security: to unify comprehensive identity visibility, modern privileged access, identity threat detection and response (ITDR), and SaaS security on the AI-native Falcon platform. With FalconID now generally available, and the addition of continuous authorization from our acquisition of SGNL, Falcon Next-Gen Identity Security takes a major step forward.
FalconID: Security-First Authentication in the Falcon Platform FalconID provides phishing-resistant, FIDO2-based authentication as a seamless experience built directly into the Falcon sensor and delivered through the Falcon for Mobile app. It connects authentication to the Falcon platform’s real-time telemetry to determine when access is safe, and when it’s risky, without forcing users through unnecessary steps.
Authentication becomes an intelligence-driven decision. FalconID evaluates risk signals related to identity, endpoint, and SaaS security, as well as active threat detections and our own adversary intelligence. Over time, Falcon Next-Gen Identity Security continuously enforces access as risk signals change. If risk changes, access decisions can be re-evaluated and privileges reduced or revoked mid-session.
For users, the process is frictionless. FalconID eliminates the use of passwords, push notifications, and one-time codes through its FIDO2-based biometric authentication bound to trusted devices and legitimate domains. A physical device is required to approve access. The user and device are verified in real time, without redirects or third-party integrations. FalconID is not a standalone MFA. It is integrated, security-first authentication delivered from the unified Falcon platform that strengthens the first control point in the identity attack chain.
How it works When a user attempts to authenticate, FalconID ensures that: The authentication request is cryptographically bound to a legitimate domain. The user’s trusted device is physically present. Proximity validation prevents remote push abuse. The login attempt is evaluated against real-time risk signals from across the Falcon platform. For legacy access scenarios where FIDO is not supported, FalconID provides secure indirect authentication enabling administrators to secure legacy applications and protocols.
See FalconID in action in this demo video SGNL: Continuous Authorization Beyond Login Stopping compromised access at login is essential, but identity risk doesn’t end there. CrowdStrike acquired SGNL to further elevate Falcon Next-Gen Identity Security. SGNL adds a universal enforcement layer that continuously evaluates access decisions across cloud, SaaS, and enterprise environments. Unlike legacy IAM systems that make a single “trust-once” decision at login, SGNL enables continuous, context-aware authorization.
With SGNL, standing privileges are eliminated and access can be dynamically adjusted as risk changes in real time. Zero standing privileges become achievable across AD, Entra, AWS, Okta, and SaaS apps. Together, FalconID and SGNL extend Falcon Next-Gen Identity Security across the full identity lifecycle: At login, authentication is phishing-resistant and security context-aware. During access, authorization is continuously evaluated and risk-based.
Across on-prem, cloud, and SaaS privileges, standing access is eliminated in favor of just-in-time enforcement. Across SaaS and cloud, identity posture and misconfiguration risks are monitored and controlled. Across human, non-human, and AI identities, threats are automatically detected and blocked in real time. Identity Protection Built to Fight Modern Threats The attack surface has shifted to browsers, SaaS applications, and AI tools.
Identity is the connective tissue across every workload and workflow. As adversaries exploit valid sessions, hijack tokens, and abuse legitimate privileges to remain hidden, organizations need to ensure access is only granted to employees who need it. By combining AI-native ITDR, modern privileged access, SaaS security posture management, phishing-resistant MFA, and continuous authorization, CrowdStrike delivers a unified identity fabric across human, non-human, and AI identities.
Identity becomes continuously evaluated, dynamically enforced, and fully correlated with endpoint, cloud, and threat intelligence signals. With FalconID now generally available and SGNL expanding enforcement across environments, Falcon Next-Gen Identity Security delivers protection where legacy IAM models cannot. Learn more: https://www.crowdstrike.com/en-us/platform/next-gen-identity-security/falcon-id/ Related Content Categories CONNECT WITH US FEATURED ARTICLES May 06, 2026 May 05, 2026 SUBSCRIBE Sign up now to receive the latest notifications and updates from CrowdStrike.
Sign Up See CrowdStrike Falcon ® in Action Detect, prevent, and respond to attacks— even malware-free intrusions—at any stage, with next-generation endpoint protection. See Demo Privacy Request Info Contact Us 1.888.512.8906 Accessibility