The US Cybersecurity and Infrastructure Security Agency (CISA) recently added single-factor authentication (SFA) to its list of cybersecurity bad practices.
The organization warns that the practice is “exceptionally risky” when used for remote authentication or logging into administrative authorizations because attackers can use the low-security method to gain access to systems. allowing passwords to easily be stolen or guessed by various techniques.
Switching to multi-factor authentication (MFA) helps makes it more difficult for threat actors to carry out a successful attack.\
Commenting on the latest announcement, CISA said: “The use of single-factor authentication for remote or administrative access to systems supporting the operation of Critical Infrastructure and National Critical Functions (NCF) is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety.”
For more information, read the original story in Bleeping Computer.