When systems cannot support multi-factor authentication, single-factor authentication using passphrases is implemented instead.
- Topic
- Single-factor authentication
- Applicable to
- all
History
- Priority
- must not
- Oct 2019
- When systems cannot support multi-factor authentication, single-factor authentication using passphrases is implemented instead.
- Security control 0417 was modified to reflect that passphrases are currently the only endorsed form of single-factor authentication.
- Sep 2019
- A numerical password is not used as the sole method of authenticating a user.
- 2015
- Agencies must not use a numerical password (or personal identification number) as the solemethod of authenticating a user.
- 2010
- Agencies must not use a numerical password (or personal identification number) as the sole method ofauthenticating a system user to access a system.
- 2008
- Agencies must not use a numerical password (or personal identification number) as the sole method of authorising a system user to access a system.