Use multi-factor authentication whenever possible

Multi-Factor Authentication (MFA) is a security system that verifies a user's identity by requiring multiple credentials.

MFA is an effective way to provide enhanced security, as traditional username and password combinations can be stolen, and they've become increasingly more vulnerable to brute force attacks.

Multi-factor authentication is generally based on one of the three following things: something users know (e.g. password), have in their possession (e.g. a telephone), or that is part of them (e.g. fingerprint). Multi-factor authentication combines 2 or more identification methods. For users with access to sensitive data, such as admins, we advise to use a hardware authenticator. Such users should not be permitted to use SMS as a MFA method, because SMS is susceptible to interception. For standard users, SMS is still a valid option.

When using strong multi-factor authentication (Authenticator App, biometrics), password complexity rules and password expiration can be loosened, to facilitate the adoption of this technology.

Strong authentication ensures that the person identified is that person. It makes impersonations, ID thefts, 'man in the middle' attacks, etc., much more difficult.

TASK

Use 2-factor/multi-factor authentication for critical applications and platforms where possible