Skip to main content

Assign MFA mechanisms to a single account

Requirement#

The system must associate each secondary authentication mechanism with a single account.

Description#

Single-factor authentication mechanisms often offer poor security due to the weak, common or easy-to-guess passwords that users tend to set. Secondary authentication mechanisms, such as physical or logical security tokens, smart cards and certificates, help guarantee the identity of actors trying to authenticate. However, their value highly decreases when they are shared by multiple accounts.

References#