| Single-factor authentication poses unnecessary risk on the information system since most single-factor authentication methods use only a userid and password. Passwords are, in most cases, easily hacked with the right tools. Multifactor authentication utilizes multiple levels of identification and authorization criteria and provides a much stronger level of security than single-factor. As users have access to many of the files on the platform, using a single-factor authentication approach provides an easy avenue of attack for a malicious user, to include potential escalation of privileges.
Factors include:
(i) something you know (e.g., password/PIN);
(ii) something you have (e.g., cryptographic identification device, token); or
(iii) something you are (e.g., biometric).
Non-privileged accounts are not authorized on the network device, regardless of configuration. |
