Two-Factor Authentication Should Be Enabled for Collaborators
policy name: two_factor_authentication_is_disabled_for_a_collaborator
severity: HIGH
Description
A collaborator’s two-factor authentication is disabled. Turn it on in the collaborator’s settings, or globally for the account, to prevent any access without MFA.
Threat Example(s)
Collaborators without two-factor authentication are prime targets for phishing and social engineering attacks, as compromise only requires acquiring the collaborator’s password.
Remediation
- Log in with the user’s credentials
- Go to the user settings page
- Select ‘Account’ on the left navigation bar
- Press ‘Enable two-factor authentication’