2.2.2 Use of weak authenticators is limited to secondary verification and transaction approvalΒΆ

Verify that the use of weak authenticators (such as SMS and email) is limited to secondary verification and transaction approval and not as a replacement for more secure authentication methods. Verify that stronger methods are offered before weak methods, users are aware of the risks, or that proper measures are in place to limit the risks of account compromise.

Level 1 X
Level 2 X
Level 3 X
CWE NIST
304 5.2.10