When multi-factor authentication is implemented, none of the authentication factors on their own can be used for single-factor authentication to another system.
Topic
Multi-factor authentication
Applicable to
all
History
Priority
should
Mar 2022
Removed
The recommendation to prevent the reuse of a single factor used as part of multi-factor authentication for single-factor authentication to other systems was rescinded as it was not deemed practical. For example, in the case of multi-factor authentication for remote access to systems that don’t normally use multi-factor authentication, to do so would what have required that all users be issued with two different user accounts, one using a single factor for access and one using multiple factors for remote access – each with different passphrases.
2015
Where multi–factor authentication is implemented, none of the factors on their own should beuseful for authentication on another system.