CISA Adds Single-Factor Authentication to the List of Bad Practices


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added single-factor authentication to its short list of “exceptionally risky” cybersecurity practices that could expose critical infrastructure, as well as government and private-sector entities, to devastating cyberattacks.

Single-factor authentication is a method of signing users in to websites and remote systems using only one way of verifying their identity, typically a username and password. It is considered low-security because it relies entirely on “matching one factor — such as a password — to a username to gain access to a system.”


But with weak, reused, and common passwords posing a grave threat and emerging as a lucrative attack vector, single-factor authentication exposes organizations to unnecessary risk of compromise and increases the possibility of account takeover by cybercriminals.

With the latest development, the list of bad practices now encompasses —

  • Use of unsupported (or end-of-life) software
  • Use of known/fixed/default passwords and credentials, and
  • Use of single-factor authentication for remote or administrative access to systems

“Although these Bad Practices should be avoided by all organizations, they are especially dangerous in organizations that support Critical Infrastructure or National Critical Functions,” CISA said.

“The presence of these Bad Practices in organizations that support Critical Infrastructure or NCFs is exceptionally dangerous and increases risk to our critical infrastructure, on which we rely for national security, economic stability, and life, health, and safety of the public,” the agency noted.


Additionally, CISA is considering adding a number of other practices to the catalog, including —

  • Using weak cryptographic functions or key sizes
  • Flat network topologies
  • Mingling of IT and OT networks
  • Everyone’s an administrator (lack of least privilege)
  • Utilization of previously compromised systems without sanitization
  • Transmission of sensitive, unencrypted / unauthenticated traffic over uncontrolled networks, and
  • Poor physical controls
