1 September 2021

CISA adds single-factor authentication to its list of Bad Practices


CISA adds single-factor authentication to its list of Bad Practices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the use of single-factor authentication for remote or administrative access systems to its list of “exceptionally risky cybersecurity practices”.

“Single-factor authentication is a common low-security method of authentication. It only requires matching one factor—such as a password—to a username to gain access to a system,” CISA said.

“Although these Bad Practices should be avoided by all organizations, they are especially dangerous in organizations that support Critical Infrastructure or National Critical Functions.”

In addition, CISA encouraged organizations to review a guidance on setting up strong authentication.

Currently, CISA’s list of Bad Practices includes the following:

  • Use of unsupported (or end-of-life) software

  • Use of known/fixed/default passwords and credentials

  • The use of single-factor authentication for remote or administrative access.


Back to the list

Latest Posts

Windows MSHTML bug used in ransomware attacks, Microsoft says

Windows MSHTML bug used in ransomware attacks, Microsoft says

According to the Windows maker, in the wild exploitation of CVE-2021-40444 began on August 18.
17 September 2021
State-backed hackers actively exploiting recently disclosed Zoho RCE bug

State-backed hackers actively exploiting recently disclosed Zoho RCE bug

The targeted entities include academic institutions, defense contractors, as well as critical infrastructure entities.
17 September 2021
Free REvil/Sodinokibi ransomware universal decryptor released

Free REvil/Sodinokibi ransomware universal decryptor released

The tool works for all REvil victims whose files were encrypted in attacks prior to July 13, 2021.
17 September 2021
Featured vulnerabilities
Multiple vulnerabilities in cflinuxfs3
Medium Patched | 17 Sep, 2021
Information disclosure in cflinuxfs3
Medium Patched | 17 Sep, 2021
Information disclosure in Git
Medium Patched | 17 Sep, 2021
Multiple vulnerabilities in GLPI
Medium Patched | 17 Sep, 2021
Multiple vulnerabilities in cflinuxfs3
Medium Patched | 17 Sep, 2021