Lack of multi-factor authentication

Description

Critical services of the system, such as databases, shared resources containing sensitive information and web services, are not protected by a multi-factor authentication mechanism. This makes it easier for an attacker who has compromised a user’s account to access those resources.

Requirements

• 229. Request access credentials

• 231. Define a biometric verification component

• 264. Request authentication

• 319. Make authentication options equally secure

• 328. Request MFA for critical systems