From bleepingcomputer.com
Single-factor authentication (SFA) has been added today by the US Cybersecurity and Infrastructure Security Agency (CISA) to a very short list of cybersecurity bad practices it advises against.
CISA’s Bad Practices catalog includes practices the federal agency has deemed “exceptionally risky” and not to be used by organizations in the government and the private sector as it exposes them to an unnecessary risk of having their systems compromised by threat actors.
They are exceptionally dangerous for orgs that support Critical Infrastructure or National Critical Functions (NCFs) responsible for national security and economic stability, as well as the public’s safety.
Furthermore, these dangerous practices are “especially egregious” on Internet-exposed systems that threat actors could target and compromise remotely.