Disabling Vulnerable Authentication Methods
Turn off login methods that can be tricked into accepting false entries.
Plain language
This control is about turning off ways to log in that can easily be tricked. If we don't do this, someone could pretend to be you and get into your systems, causing chaos by stealing information or messing things up.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
July 2020
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for system hardening
Section
Authentication hardening
Official control statement
Authentication methods susceptible to replay attacks are disabled.
Why it matters
If replay-susceptible authentication methods remain enabled, attackers can capture and reuse credentials to impersonate users, causing breaches and disruption.
Operational notes
Audit and disable replay-susceptible methods (e.g., NTLMv1, PAP, CHAP); enforce MFA and modern protocols such as Kerberos, TLS, and SCRAM.
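The operational note above names NTLMv1 as a method to audit and disable. The following is an added example, not part of the ISM or the Control Stack page, showing how a Windows host can be checked for whether it still sends LM or NTLMv1 responses. It reads the well-known LSA policy value LmCompatibilityLevel (the registry backing of the "Network security: LAN Manager authentication level" policy); the function and object property names are the example's own, and the assumption that an absent value means the modern default of 3 is labelled in the code.

```powershell
# Added example (not ISM or Control Stack code): audit one Windows host for NTLMv1/LM.
# LmCompatibilityLevel: 0-2 still send LM and/or NTLMv1 responses; 3-4 send NTLMv2 only
# but may still accept NTLMv1 from clients; 5 sends NTLMv2 only and refuses LM and NTLM.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-LmCompatibilityLevel {
    # Returns the configured level, or $null when the value is not set explicitly.
    $item = Get-ItemProperty -Path $LsaKey -Name 'LmCompatibilityLevel' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.LmCompatibilityLevel
}

function Test-ReplaySusceptibleNtlm {
    param([Nullable[int]]$Level = (Get-LmCompatibilityLevel))

    # Assumption made by this example: an unset value behaves as the current OS default (3).
    $explicit = $null -ne $Level
    if (-not $explicit) { $Level = 3 }

    $meaning = switch ($Level) {
        0 { 'Send LM and NTLM responses' }
        1 { 'Send LM and NTLM; use NTLMv2 session security if negotiated' }
        2 { 'Send NTLM response only' }
        3 { 'Send NTLMv2 response only' }
        4 { 'Send NTLMv2 response only; refuse LM' }
        5 { 'Send NTLMv2 response only; refuse LM and NTLM' }
        default { "Unrecognised level $Level" }
    }

    # One audit record per host; collect these as evidence for the "list of methods" ask.
    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        LmCompatibilityLevel = $Level
        ExplicitlySet        = $explicit
        Meaning              = $meaning
        SendsLmOrNtlmV1      = ($Level -le 2)   # host itself still emits replayable responses
        AcceptsNtlmV1        = ($Level -lt 5)   # host still accepts NTLMv1 from clients
        Compliant            = ($Level -ge 5)
    }
}

function Set-NtlmV2Only {
    # Remediation: level 5 = NTLMv2 only, refuse LM and NTLM. Needs an elevated session.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess($LsaKey, 'Set LmCompatibilityLevel to 5')) {
        Set-ItemProperty -Path $LsaKey -Name 'LmCompatibilityLevel' -Value 5 -Type DWord
    }
}

# Usage: print the audit record, then preview the fix without applying it.
Test-ReplaySusceptibleNtlm | Format-List
Set-NtlmV2Only -WhatIf
```

Run the audit first on a representative sample of hosts and keep the output as evidence; only then remove `-WhatIf`. On domain-joined machines the Group Policy setting "Network security: LAN Manager authentication level" will overwrite a local registry edit at the next policy refresh, so the durable change is made in GPO, and clients that still depend on NTLMv1 (typically old appliances) should be identified through NTLM audit logging before level 5 is enforced.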
Implementation tips
- IT team should identify all current login methods used in the organisation. They can make a list by reviewing system settings and user access points to check if outdated or weak methods are still in use.
- System owners should work with the IT team to disable any login methods vulnerable to replay attacks. This involves turning off or updating methods that can be fooled by copied information, like some older password systems.
- Managers should inform staff about any changes to login procedures. They can do this through a team meeting or an email that clearly explains what will be different and how to use the new, secure login methods.
- Procurement should ensure any new technology bought by the organisation uses strong, modern authentication methods. They should ask vendors if the product includes protections like encryption and multi-factor authentication.
- HR should include training on secure login practices in their onboarding for new employees. This can be a simple online course or a video call that explains why secure logins matter and how to use them properly.
Audit / evidence tips
- Ask: a list of all authentication methods currently in use. Good: shows only modern, secure methods being used with clear labels.
- Ask: records of meetings or communications about disabling vulnerable authentication methods. Good: includes sign-off from IT and system owners.
- Ask: to see a policy document on authentication methods. Good: shows a recent policy detailing specific safe practices.
- Good: includes up-to-date materials distributed to all relevant staff with confirmation of understanding.
- Ask: a vendor contract or procurement document for new tech purchases. Good: indicates the use of advanced, secure login methods like multi-factor authentication.
Cross-framework mappings
How ISM-1603 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.5 | ISM-1603 requires authentication methods that are susceptible to replay attacks to be disabled | |
| Supports (2) | | |
| Annex A 5.15 | ISM-1603 requires disabling authentication methods that are susceptible to replay attacks | |
| Annex A 5.17 | ISM-1603 requires disabling authentication methods that are susceptible to replay attacks | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.