Single factor authentication added to CISA’s list of bad practices

Byte-size Bulletin by Rachael Brown in Security, News on Sep 20, 2021


Multi-factor authentication, true to its name, multiplies the level of protection and security your accounts have. And it only takes a few seconds.

This is why it's so surprising so many users still don't have it enabled. 

CISA, the United States Cybersecurity and Infrastructure Security Agency, is tackling this reality by adding single-factor authentication to its list of bad practices. 

Single-factor authentication is a low-security method of authentication that requires only a single factor, such as a password paired with a username, to gain access to an account or system.

By contrast, multi-factor authentication requires multiple steps which can include biometrics and an authentication portal on a different device. 

According to cybersecurity experts, going without multi-factor authentication should be avoided as much as possible. In its list of bad practices, CISA describes the use of single-factor authentication for remote or administrative access systems in particular as "exceptionally risky".

The organisation recommends the use of strong multi-factor authentication in all cases, especially as hackers are becoming quicker and more efficient at cracking even the strongest, most complex passwords.

Organisations in all sectors are encouraged to review CISA’s Bad Practices list and take steps to address any security weaknesses they may have overlooked.

If you haven't done this, consider reviewing the agency’s guide on implementing strong authentication and applying these best practices as soon as possible.

Photo by George Prentzas on Unsplash


 
