Secure Access Management for Multifactor Authentication - Best Practices

Implementing Effective Access Management for Secure Websites


Question

An organization hosts a public-facing website that contains a login page for users who are registered and authorized to access a secure, non-public section of the site.

That non-public site hosts information that requires multifactor authentication for access.

Which of the following access management approaches would be the BEST practice for the organization?

Answers

Explanations


D.

In this scenario, the organization needs to implement a strong access management approach to ensure that only authorized users can access the secure, non-public section of the website. Multifactor authentication is required, which means that users must provide more than one form of authentication before they can access the sensitive information.

Out of the four options given, the best practice for this organization would be to implement username/password with TOTP (Time-based One-Time Password). Here's why:

A. Username/password with TOTP: This approach requires users to enter their username and password, as well as a one-time code generated by an authenticator app, such as Google Authenticator. This means that even if a user's password is compromised, an attacker would still need access to the user's mobile device to generate the TOTP code. This is a strong form of authentication that provides an additional layer of security beyond just a username and password.

B. Username/password with pattern matching: This approach is not as strong as TOTP, as it relies on users creating a unique pattern when they create their password. While this can be effective against simple attacks such as dictionary attacks, it is not as strong as multifactor authentication.

C. Username/password with a PIN: This approach is similar to pattern matching in that it relies on users creating a unique PIN in addition to their password. Again, this is not as strong as multifactor authentication.

D. Username/password with a CAPTCHA: This approach is used to prevent automated attacks, such as brute force attacks, by requiring users to solve a visual puzzle. While this can be effective in preventing automated attacks, it does not provide the additional layer of security that multifactor authentication does.

Overall, the best approach for this organization would be to implement multifactor authentication with TOTP, as it provides a strong form of authentication that is difficult to compromise.
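To make concrete why a compromised password alone is not enough under option A, here is an added example (not part of the original question or explanation) that implements RFC 4226 HOTP and RFC 6238 TOTP verification from the standard library and then gates a login on both factors. It uses the shared secret from the RFC test vectors so the codes can be checked against the published values; the user record, the fixed salt and the `check_login` helper are constructed for illustration, and a real deployment would use a random per-user salt and persist the last accepted time step.

```python
import base64
import hashlib
import hmac
import struct
import time

# Shared secret from the RFC 4226 / RFC 6238 test vectors (SHA-1, 6 digits),
# so the values below match the published ones. Authenticator apps are
# provisioned with the base32 form, which we derive rather than hard-code.
RFC_SECRET = b"12345678901234567890"
RFC_SECRET_B32 = base64.b32encode(RFC_SECRET).decode()


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, timestamp: float, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter taken as Unix time // step."""
    return hotp(secret, int(timestamp) // step, digits)


def match_totp(secret: bytes, submitted: str, timestamp: float,
               step: int = 30, window: int = 1, digits: int = 6):
    """Return the time-step counter whose code matches `submitted`, or None.

    `window` steps of clock skew on either side are tolerated. Every candidate
    is compared in constant time and the loop never returns early, so a match
    in the first slot is not distinguishable by timing from a match in the last.
    """
    if not (isinstance(submitted, str) and submitted.isascii()
            and submitted.isdigit() and len(submitted) == digits):
        return None
    counter = int(timestamp) // step
    matched = None
    for c in range(counter - window, counter + window + 1):
        if hmac.compare_digest(hotp(secret, c, digits), submitted):
            matched = c
    return matched


def make_user(password: str, totp_secret_b32: str) -> dict:
    """Constructed user record: PBKDF2 password hash plus the decoded TOTP secret."""
    salt = b"constructed-demo-salt"  # a real system uses a random per-user salt
    return {
        "salt": salt,
        "pw_hash": hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000),
        "totp_secret": base64.b32decode(totp_secret_b32, casefold=True),
        "last_counter": -1,  # highest time step already accepted, for replay rejection
    }


def check_login(user: dict, password: str, code: str, timestamp: float = None) -> bool:
    """Both factors must pass. The password alone never grants access."""
    if timestamp is None:
        timestamp = time.time()
    # Evaluate both factors unconditionally so the time a failure takes does
    # not reveal which factor was wrong.
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), user["salt"], 100_000)
    pw_ok = hmac.compare_digest(candidate, user["pw_hash"])
    matched = match_totp(user["totp_secret"], code, timestamp)
    # A code is accepted at most once: reject any step at or below the last one used.
    otp_ok = matched is not None and matched > user["last_counter"]
    if pw_ok and otp_ok:
        user["last_counter"] = matched
        return True
    return False


if __name__ == "__main__":
    user = make_user("correct horse battery staple", RFC_SECRET_B32)
    now = 59  # RFC 6238 test time; the 6-digit code here is 287082
    print("password only      :", check_login(user, "correct horse battery staple", "000000", now))
    print("password + TOTP    :", check_login(user, "correct horse battery staple", totp(RFC_SECRET, now), now))
    print("replayed same code :", check_login(user, "correct horse battery staple", totp(RFC_SECRET, now), now))
```

The `window` of one step on each side is the usual compromise between tolerating phone clock drift and limiting how long a captured code stays valid; the `last_counter` check closes the remaining gap by ensuring a code that has already been used cannot be submitted a second time within that window.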