CISA Adds Single-Factor Authentication to the List of Bad Practices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added single-factor authentication to the short list of “exceptionally dangerous” cybersecurity practices that could expose critical infrastructure, as well as government and private sector entities, to devastating cyberattacks.

Single-factor authentication is a method of signing in users to websites and remote systems by using only one way of verifying their identity, typically a combination of username and password. It is considered to be low-security, since it relies heavily on “matching one factor — such as a password — to a username to gain access to a system.”

But with the use of weak, reused, and common passwords posing a grave threat, the use of single-factor authentication can lead to unnecessary risk of compromise and increase the possibility of account takeover attacks.

With the latest development, the list of bad practices now encompasses:

  • Use of unsupported (or end-of-life) software
  • Use of known/fixed/default passwords and credentials, and
  • Use of single-factor authentication for remote or administrative access to systems

“Although these Bad Practices should be avoided by all organizations, they are especially dangerous in organizations that support Critical Infrastructure or National Critical Functions,” CISA said.

“The presence of these Bad Practices in organizations that support Critical Infrastructure or NCFs is exceptionally dangerous and increases risk to our critical infrastructure, on which we rely for national security, economic stability, and life, health, and safety of the public,” the agency noted.

Additionally, CISA is considering adding a number of other practices to the catalog, including:

  • Using weak cryptographic functions or key sizes
  • Flat network topologies
  • Mingling of IT and OT networks
  • Everyone’s an administrator (lack of least privilege)
  • Utilization of previously compromised systems without sanitization
  • Transmission of sensitive, unencrypted / unauthenticated traffic over uncontrolled networks, and
  • Poor physical controls
