OM-BP-0008: Make MFA mandatory for high privileged accounts (Best Practice)

ID

OM-BP-0008

Name

Make MFA mandatory for high privileged accounts

Status

Active

Version

1.0

Best Practice

Ensure that MFA is mandatory when using highly privileged accounts.

Rationale

Threat actors may compromise the supply chain to gain an entry point for attacks.

Bad Practices

  • Not using MFA when using highly privileged accounts

Continuous Improvement

Implementation Details

Quotes

Adopt MFA

Multi-factor authentication can stop credential-based attacks dead in their tracks. Without access to the additional factor, the attacker can’t access the account or protected resource. MFA should be mandatory for all admin accounts and is strongly recommended for all users. The preferred method is to use an authenticator app rather than SMS or voice where possible.

(https://open-measure.atlassian.net/wiki/spaces/BIB/pages/794263553, p. 73)

Bibliography




This wiki is owned by Open Measure, a non-profit association. The original content we publish is licensed under a Creative Commons Attribution 4.0 International License.