Use Multi Factor Authentication whenever possible

Multi-Factor Authentication (MFA) is a security system that verifies a user's identity by requiring multiple credentials. ... MFA is an effective way to provide enhanced security, as traditional usernames and passwords combinations can be stolen, and they've become increasingly more vulnerable to brute force attacks.

Multi Factor Authentication is generally based on one of the three following things: something users know (e.g. password), have in their possession (e.g. a telephone), or that is part of them (e.g. fingerprint). Multi-factor authentication combines 2 or more identification methods.

When using strong Multi Factor Authentication (Authenticator App, Biometrics, not SMS), password complexity rules and password expiration can be loosened, in order to facilitate the user acceptance and user adoption of this technology.

Strong authentication ensures that the person identified is in fact that person. It makes impersonations, ID thefts, 'man in the middle' attacks etc., much more difficult.

TASK

Use 2-factor/multi-factor authentication for critical applications and platforms where possible