The US Cybersecurity and Infrastructure Security Agency (CISA) announced that it has added single-factor authentication (SFA) to a rather short list of cybersecurity bad practices it recommends against