Single-factor authentication poses unnecessary risk to the information system, since most single-factor authentication methods use only a user ID and password. Passwords are, in most cases, easily hacked with the right tools. Multifactor authentication uses multiple levels of identification and authorization criteria and provides a much stronger level of security than single-factor authentication. Because users have access to many of the files on the platform, a single-factor authentication approach gives a malicious user an easy avenue of attack, including escalation of privileges.
Factors include:
(i) something you know (e.g., password/PIN);
(ii) something you have (e.g., cryptographic identification device, token); or
(iii) something you are (e.g., biometric).
In the case of network device communications, when one of the authentication factors is provided by a device that is separate from the system gaining access, this is referred to as out-of-band two-factor authentication. Out-of-band two-factor authentication employs separate communication channels, at least one of which is independently maintained and trusted to authenticate an end user.
Non-privileged accounts are not authorized on the network device, regardless of configuration.