The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the use of single-factor authentication for remote or administrative access systems to its list of “exceptionally risky cybersecurity practices”.
“Single-factor authentication is a common low-security method of authentication. It only requires matching one factor—such as a password—to a username to gain access to a system,” CISA said.
“Although these Bad Practices should be avoided by all organizations, they are especially dangerous in organizations that support Critical Infrastructure or National Critical Functions.”
In addition, CISA encouraged organizations to review a guidance on setting up strong authentication.
Currently, CISA’s list of Bad Practices includes the following:
Use of unsupported (or end-of-life) software
Use of known/fixed/default passwords and credentials
The use of single-factor authentication for remote or administrative access.