Single-factor authentication enters the list of Bad Practices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has deemed single-factor authentication unsafe and added it to its catalog of exceptionally risky cybersecurity practices, the ones most likely to expose critical infrastructure as well as government and private sector entities.
Single-factor authentication is a sign-in mechanism for websites and systems that verifies a user in one way only: a user ID and a password. CISA labels it low-security because the system merely matches the supplied password against the user name and grants access on that single factor alone.
Moreover, weak and commonly used passwords compound the threat, raising the risk of compromise and the probability of account takeover by criminals.
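To make the difference concrete, here is an added example (not from the CISA announcement or this article) that contrasts a password-only login with one that also requires a time-based one-time code (TOTP, RFC 6238). The user store, the demo password and the TOTP secret are constructed for the demonstration; the secret is the well-known RFC 6238 test secret, so the expected code for time step 59 is documented. A leaked or guessed password passes the single-factor check but not the multi-factor one.

```python
import hashlib
import hmac
import secrets
import struct

PBKDF2_ITERATIONS = 200_000          # work factor for the password hash
TOTP_STEP = 30                       # seconds per TOTP time step


def hash_password(password: str, salt: bytes = None) -> tuple:
    """Return (salt, derived_key) using PBKDF2-HMAC-SHA256; a new salt is drawn if none is given."""
    if salt is None:
        salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, dk


def totp_code(secret: bytes, unix_time: int, step: int = TOTP_STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1 for the time step that contains unix_time."""
    counter = unix_time // step
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def make_user_record(password: str, totp_secret: bytes) -> dict:
    """Build a stored credential record: salted password hash plus the user's TOTP secret."""
    salt, dk = hash_password(password)
    return {"salt": salt, "pw_hash": dk, "totp_secret": totp_secret}


def check_password(record: dict, password: str) -> bool:
    """Constant-time comparison of the derived key against the stored hash."""
    _, dk = hash_password(password, record["salt"])
    return hmac.compare_digest(dk, record["pw_hash"])


def check_totp(record: dict, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the current step and up to `window` steps either side to tolerate clock skew."""
    for drift in range(-window, window + 1):
        expected = totp_code(record["totp_secret"], unix_time + drift * TOTP_STEP)
        if hmac.compare_digest(expected, code):
            return True
    return False


def login_single_factor(users: dict, username: str, password: str) -> bool:
    """The practice CISA flags: a matching password alone grants access."""
    record = users.get(username)
    return record is not None and check_password(record, password)


def login_multi_factor(users: dict, username: str, password: str, code: str,
                       unix_time: int, window: int = 1) -> bool:
    """Password AND a valid one-time code are both required; either failing denies access."""
    record = users.get(username)
    if record is None:
        return False
    pw_ok = check_password(record, password)
    code_ok = check_totp(record, code, unix_time, window)
    return pw_ok and code_ok       # both evaluated, then combined


# Constructed demo store (hypothetical user, demo password, RFC 6238 test secret).
DEMO_PASSWORD = "correct horse battery staple"
RFC6238_TEST_SECRET = b"12345678901234567890"
DEMO_USERS = {"alice": make_user_record(DEMO_PASSWORD, RFC6238_TEST_SECRET)}

if __name__ == "__main__":
    t = 59  # RFC 6238 test vector: SHA1 code at T=59 is 94287082, i.e. "287082" at 6 digits
    print("single-factor, correct password  :", login_single_factor(DEMO_USERS, "alice", DEMO_PASSWORD))
    print("multi-factor, password + good code:", login_multi_factor(DEMO_USERS, "alice", DEMO_PASSWORD, "287082", t))
    print("multi-factor, password + bad code :", login_multi_factor(DEMO_USERS, "alice", DEMO_PASSWORD, "000000", t, window=0))
```

The point of `login_multi_factor` is that a password obtained through reuse, phishing or a leak is no longer sufficient on its own; in production the TOTP secret would be provisioned to an authenticator app and stored encrypted at rest, and a used code should be rejected on replay within the same time step.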
With this addition, the list of Bad Practices now includes:
- Use of unsupported or end-of-life software
- Use of known/fixed/default passwords and credentials
- Use of single-factor authentication for accessing systems
CISA also stressed that all organizations should avoid the Bad Practices listed above; they are especially dangerous for organizations that support Critical Infrastructure or National Critical Functions.
The agency pointed out that the presence of these Bad Practices in such organizations increases the risk to U.S. critical infrastructure, on which national security, economic stability, and the life, health and safety of the general public depend.
- Use of weak cryptographic functions or key sizes
- Flat network topologies
- Mingling of IT and OT networks
- Everyone is an administrator (lack of least privilege)
- Utilization of previously compromised systems without sanitization
- Transmission of sensitive, unencrypted or unauthenticated traffic over uncontrolled networks, and
- Poor physical controls