Step 4: Implement Multifactor Authentication
According to OWASP, authentication is not sufficient when weak passwords are used or when passwords are poorly protected. Insufficient authentication and authorization is nonetheless common, because organizations assume that an interface will only ever be reached by users on the internal network, not by external users on other networks.
The solution is to implement multifactor authentication, which significantly strengthens the authentication process because it aims to remove the password as the sole proof of identity. This eliminates many pervasive attack methods that attackers commonly and successfully execute against password-only logins.
How it works: combine something you have (e.g., a smart card provisioned with a digital certificate) with something you know (your PIN) to gain access to the data you need, or to buildings and networks, for that matter, while giving the organizations you interact with assurance that the access is legitimate.
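The exchange described above, written out as an added example rather than code from the original article: a card object holds the private key and only releases a signature after the PIN is verified (the PIN protects possession of the key, with a retry counter so a short PIN cannot be brute-forced), and a relying party verifies the signature over a nonce it chose using the public key in the card's certificate. The self-signed certificate, the three-attempt lockout, and the subject name and PIN used in `main` are assumptions made for this illustration; a deployed system would trust a CA-issued certificate and do the PIN check inside tamper-resistant hardware.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var (
	ErrBadPIN      = errors.New("wrong PIN")
	ErrCardLocked  = errors.New("card locked: PIN retry counter exhausted")
	ErrNotUnlocked = errors.New("card not unlocked: verify PIN first")
)

// SmartCard is the "something you have": a private key that never leaves the
// card, gated by a PIN ("something you know"). Both factors are needed to sign.
type SmartCard struct {
	priv     *ecdsa.PrivateKey
	Cert     *x509.Certificate // public part, presented to the verifier
	pinHash  [32]byte
	retries  int
	unlocked bool
}

// hashPIN is a simplification for this example; real cards compare the PIN
// inside secure hardware rather than storing any hash of it.
func hashPIN(pin string) [32]byte { return sha256.Sum256([]byte("card-pin:" + pin)) }

// NewSmartCard provisions a card with a fresh P-256 key and a self-signed
// certificate (assumption: stands in for one issued by the organization's CA).
func NewSmartCard(subject, pin string) (*SmartCard, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &SmartCard{priv: priv, Cert: cert, pinHash: hashPIN(pin), retries: 3}, nil
}

// VerifyPIN unlocks the card. Three wrong attempts lock it permanently, which is
// what makes a short PIN safe against guessing.
func (c *SmartCard) VerifyPIN(pin string) error {
	if c.retries == 0 {
		return ErrCardLocked
	}
	h := hashPIN(pin)
	if subtle.ConstantTimeCompare(h[:], c.pinHash[:]) != 1 {
		c.unlocked = false
		c.retries--
		if c.retries == 0 {
			return ErrCardLocked
		}
		return ErrBadPIN
	}
	c.retries, c.unlocked = 3, true
	return nil
}

// Sign answers the verifier's challenge with the card's private key, but only
// after the PIN has been verified: possession of the card alone is not enough.
func (c *SmartCard) Sign(challenge []byte) ([]byte, error) {
	if !c.unlocked {
		return nil, ErrNotUnlocked
	}
	digest := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, c.priv, digest[:])
}

// Verifier is the relying party (server, VPN gateway, door controller).
type Verifier struct {
	trusted map[string]*x509.Certificate // enrolled certificates keyed by subject CN
}

func NewVerifier(certs ...*x509.Certificate) *Verifier {
	v := &Verifier{trusted: map[string]*x509.Certificate{}}
	for _, c := range certs {
		v.trusted[c.Subject.CommonName] = c
	}
	return v
}

// NewChallenge returns a fresh random nonce; a signature over a nonce the
// verifier chose cannot be replayed from an earlier session.
func (v *Verifier) NewChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// CheckResponse verifies the signature with the public key of the enrolled
// certificate and rejects certificates outside their validity period.
func (v *Verifier) CheckResponse(subject string, challenge, sig []byte) bool {
	cert, ok := v.trusted[subject]
	if !ok {
		return false
	}
	if now := time.Now(); now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return false
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return false
	}
	digest := sha256.Sum256(challenge)
	return ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Authenticate runs the full exchange: PIN -> challenge -> signature -> verify.
func Authenticate(card *SmartCard, v *Verifier, pin string) (bool, error) {
	if err := card.VerifyPIN(pin); err != nil {
		return false, err
	}
	challenge, err := v.NewChallenge()
	if err != nil {
		return false, err
	}
	sig, err := card.Sign(challenge)
	if err != nil {
		return false, err
	}
	return v.CheckResponse(card.Cert.Subject.CommonName, challenge, sig), nil
}

func main() {
	card, err := NewSmartCard("alice@example.test", "4821") // constructed sample values
	if err != nil {
		panic(err)
	}
	v := NewVerifier(card.Cert)
	ok, err := Authenticate(card, v, "4821")
	fmt.Println("card + correct PIN:", ok, err)
	ok, err = Authenticate(card, v, "0000")
	fmt.Println("card + wrong PIN:  ", ok, err)
}
```

Note what each failure mode shows: a wrong PIN never reaches the signing step, a signature from a key the verifier has not enrolled fails `CheckResponse` even with a valid PIN on that other card, and once the retry counter hits zero the correct PIN no longer helps, so a lost card cannot be ground through offline.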