Either multiple factors a certificate or a backbreaking passwordLets stop at this duty. The management of identities and their authorization does not fall into the category of the necessary minimum in the decree. It is therefore possible to deviate from these rules. If the regulated entity accepts them that is it does not set its rules differently then sooner or later an authentication mechanism based on with at least two different types of factors awaits it.
We know this for example from internet banking where until recently a code Indonesia WhatsApp Number Data described in an SMS message was required in addition to the entered password today in most cases it is logging into the banks mobile application and granting consent to log in.Before a business implements multi-factor authentication it should use logins using cryptographic keys or certificates.
It is strange that systematically the decree considers this method of authentication as temporary although in the case of keys stored on a token without the possibility of exporting it from it it represents at least the same level of security as 2FA. And if a company doesnt use either of these i.e. neither certificates nor multi-factor authentication then password hell awaits its users.Passwords must have at least 2 characters for users for administrators and 22 for technical asset accounts.
發表於 2024-3-11 14:14:36
收藏