Use of single‑factor authentication comes with cybersecurity risks

Amer Owaida, Security Writer at ESET, explains that the Cybersecurity and Infrastructure Security Agency (CISA), a federal agency in the USA, urges organizations to ditch the bad practice and instead use multi-factor authentication methods.

CISA has added the use of single-factor authentication to its brief list of bad practices that it considers to be exceptionally risky when it comes to cybersecurity.

“Single-factor authentication is a common low-security method of authentication. It only requires matching one factor—such as a password—to a username to gain access to a system. Although these Bad Practices should be avoided by all organizations, they are especially dangerous in organizations that support Critical Infrastructure or National Critical Functions,” reads CISA’s announcement.

The federal agency went on to add that instead, organizations should refer to its guidance on setting up stronger and better authentication methods. CISA’s Capacity Enhancement Guide focusing on implementing strong authentication highlights the risks of using traditional single authentication methods such as the use of a username combined with a password.

Attackers could pilfer user access credentials through a variety of tried and tested tactics ranging from phishing and social engineering attacks to using brute-force attacks and keylogging malware. Once they get hold of the usernames and passwords, breaching a system isn’t that difficult. CISA, therefore, recommends switching to multi-factor authentication (MFA), which is a far safer option since it adds an extra layer of security and makes it excessively difficult for cybercriminals to breach user accounts.

According to a joint study conducted by Google, New York University, and University of California San Diego, organizations that adopted MFA could see a substantial boost to their resistance against malicious attacks. The study cited by CISA found that the use of MFA “blocked 100% of automated bots, 99% of bulk phishing attacks and 66% of targeted attacks on users’ Google accounts.”

Beyond the use of single-factor authentication, CISA’s catalog of Bad Practices also includes:

  • The use of unsupported or end-of-life software
  • The use of known/fixed/default passwords and credentials

“While these practices are dangerous for Critical Infrastructure and NCFs, CISA encourages all organizations to engage in the necessary actions and critical conversations to address Bad Practices,” CISA said.

The federal agency also opened up discussion about Bad Practices on its GitHub so that system admins and IT professionals could pitch in with their suggestions and input on how to tackle the challenges of eliminating these practices.
