The US’ CYbersecurity Infrastructure Security Agency (CISA) has added signle-factor authentication (SFA) to its list of bad practices, which outlines exceptionally risky cybersecurity practices. The agency has specified that this low-security method of authentication is particularly dangerous when used to secure Critical Infrastructure or National Critical Functions.
The list also includes the use of unsupported/end-of-life software that can no longer be patched, and the use of known/default passwords and credentials.
“The presence of these Bad Practices in organizations that support Critical Infrastructure or NCFs is exceptionally dangerous and increases risk to our critical infrastructure, on which we rely for national security, economic stability, and life, health, and safety of the public,” the agency said in a post published on Monday.
