The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added single-factor authentication to the short list of "exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and private sector entities to devastating cyberattacks.
Single-factor authentication is a method of signing in users to websites and remote systems by using only one way of verifying their identity, typically a combination of username and password. It is considered to be of low security, as it heavily relies on "matching one factor — such as a password — to a username to gain access to a system."
But with the use of weak, reused, and common passwords posing a grave threat, the use of single-factor authentication can lead to unnecessary risk of compromise and increase the potential for account takeover attacks.
With the latest development, the list of bad practices now encompasses:
- Use of unsupported (or end-of-life) software
- Use of known/fixed/default passwords and credentials, and
- Use of single-factor authentication for remote or administrative access to systems
"Although these Bad Practices should be avoided by all organizations, they are especially dangerous in organizations that support Critical Infrastructure or National Critical Functions," CISA said.
"The presence of these Bad Practices in organizations that support Critical Infrastructure or NCFs is exceptionally dangerous and increases risk to our critical infrastructure, on which we rely for national security, economic stability, and life, health, and safety of the public," the agency noted.
Additionally, CISA is considering adding a number of other practices to the catalog, including:
- Using weak cryptographic functions or key sizes
- Flat network topologies
- Mingling of IT and OT networks
- Everyone's an administrator (lack of least privilege)
- Use of previously compromised systems without sanitization
- Transmission of sensitive, unencrypted/unauthenticated traffic over uncontrolled networks, and
- Poor physical controls