12 new national NIS2 framework versions published! Read more ->
Cyberday back to normal - related blog
Require all externally-exposed enterprise or third-party applications to enforce MFA, where
supported. Enforcing MFA through a directory service or SSO provider is a satisfactory
implementation of this Safeguard.
Systems containing important information should be logged in using a multi-authentication logon, also known as either “two-factor”, “multi-factor” or “dual factor” authentication.
For example, when first logging in with a password, a one-time authentication code can also be sent to the user as a text message. In this case, he has been identified by two factors (knowing the password and owning the phone).
Biometric identifiers (eg fingerprint) and other devices can also be used for two-stage authentication. However, it is worth considering the costs and implications for privacy.
The organization has strengthened security by enforcing multi-factor authentication (MFA) for all external applications, integrating it with a central directory or SSO, ensuring third-party compatibility, educating users on its importance, and monitoring compliance through regular reporting.
Multi-factor authentication (MFA) is required for administrators in the organization's key data systems.
For example, when first logging in with a password, a one-time identification code can also be sent to the user as a text message. In this case, he has been identified by two factors (knowing the password and ownership of the phone).
Biometric identifiers (e.g. fingerprints) and other devices can also be used for multi-stage authentication. However, it is worth considering the costs and implications for privacy.
Multi-factor authentication (MFA) helps protect devices and data. To apply it, users must have more information in the identity management system than just an email address - for example, a phone number or an attached authenticator application (e.g. Microsoft, Google, or LastPass Authenticator).
.png)
