https://wiki.idesg.org/index.php?action=history&feed=atom&title=Secure_Req_8Secure Req 8 - Revision history2026-05-01T09:43:23ZRevision history for this page on the wikiMediaWiki 1.38.4https://wiki.idesg.org/index.php?title=Secure_Req_8&diff=6662&oldid=prevOmaerz: 7 revisions imported: Initial Upload of old pages from IDESG Wiki2018-06-28T04:03:37Z<p>7 revisions imported: Initial Upload of old pages from IDESG Wiki</p>
<p><b>New page</b></p><div>''<< Back to [[Baseline_Functional_Requirements_v1.0|Baseline Functional Requirements Index]]''<br />
<br />
== SECURE-8. MULTIFACTOR AUTHENTICATION ==<br />
Entities that authenticate a [[IDEF Glossary USERS|USER]] MUST offer authentication mechanisms which augment or are alternatives to a password.<br />
<br />
=== SUPPLEMENTAL GUIDANCE ===<br />
Entities must offer users an authentication mechanism other than single-factor authentication based<br />
on a password as a shared secret. Examples include (but are not limited to): “something-you-have”<br />
(e.g., computing device, USB token, mobile phone, key fob, etc.) or “something-you-are” (e.g.,<br />
biometric), or a combination of these. The additional or alternative mechanism(s) must ensure the<br />
binding and integration necessary for use as an authentication mechanism. See [[Secure Req 9|SECURE-9<br />
(AUTHENTICATION RISK ASSESSMENT)]] and its Supplemental Guidance for more information about<br />
choosing risk appropriate authentication mechanisms.<br />
<br />
=== REFERENCES ===<br />
NIST SP 800-63-2<br />
<br />
=== APPLIES TO ACTIVITIES ===<br />
[[IDEF Functional Model AUTHENTICATION|AUTHENTICATION]]<br />
<br />
=== KEYWORDS ===<br />
[[IDEF Keywords AUTHENTICATION|AUTHENTICATION]], [[IDEF Keywords MULTIFACTOR|MULTIFACTOR]], [[IDEF Keywords SECURITY|SECURITY]], [[IDEF Keywords TOKEN|TOKEN]]<br />
<br />
----<br />
----<br />
Quick Links: [[SALS]] | [[Baseline Functional Requirements v1.0]] | [[Glossary]] |<br />
<br />
----<br />
----</div>Omaerz