CISA: Don’t use single-factor auth on Internet-exposed systems
2021-08-30 17:10

CISA's Bad Practices catalog includes practices the federal agency has deemed "exceptionally risky" and not to be used by organizations in the government and the private sector, because they expose those organizations to an unnecessary risk of having their systems compromised by threat actors.

These dangerous practices are "especially egregious" on Internet-exposed systems that threat actors could target and compromise remotely.

"The use of single-factor authentication for remote or administrative access to systems supporting the operation of Critical Infrastructure and National Critical Functions is dangerous and significantly elevates risk to national security, national economic security, and national public health and safety," CISA says.

CISA has also opened a GitHub Bad Practices discussions page to allow IT professionals and admins to provide feedback and share their expertise on defending against them.

"Although these Bad Practices should be avoided by all organizations, they are especially dangerous in organizations that support Critical Infrastructure or National Critical Functions," CISA added.

"CISA encourages all organizations to review the Bad Practices webpage and to engage in the necessary actions and critical conversations to address Bad Practices."


News URL

https://www.bleepingcomputer.com/news/security/cisa-don-t-use-single-factor-auth-on-internet-exposed-systems/