Solving the Password Complexity Challenge for Human Resources

The Best Solution for Managing Multiple Passwords

Question

While attending a meeting with the human resources department, an organization's information security officer sees an employee using a username and password written on a memo pad to log into a specific service.

When the information security officer inquires further as to why passwords are being written down, the response is that there are too many passwords to remember for all the different services the human resources department is required to use.

Additionally, each password has specific complexity requirements and different expiration time frames.

Which of the following would be the BEST solution for the information security officer to recommend?

Answers

Explanations


A. B. C. D. E.

B.

The best solution for the information security officer to recommend in this scenario would be to implement a Single Sign-On (SSO) solution.

SSO allows users to access multiple applications and services using a single set of login credentials, instead of having to remember multiple usernames and passwords. This would address the concern raised by the human resources department regarding the difficulty of remembering and managing multiple passwords with different complexity requirements and expiration time frames.

Additionally, SSO solutions often include features such as password policies and multi-factor authentication (MFA) to enhance security. Therefore, the organization could enforce password complexity requirements and periodic password changes through the SSO solution, which would eliminate the need for users to write down their passwords.

On the other hand, Multi-Factor Authentication (MFA) is also a good solution to enhance security. However, it does not address the issue of users having to remember and manage multiple passwords.

802.1X and TACACS are network access control solutions that authenticate and authorize network devices and users, but they are not directly related to managing login credentials for applications and services.

Pushing SAML adoption could be a potential solution, as SAML (Security Assertion Markup Language) is a standard for exchanging authentication and authorization data between parties. However, it requires the organization to have a comprehensive identity and access management (IAM) infrastructure, which may be expensive and time-consuming to put in place.

In conclusion, implementing an SSO solution would be the most efficient and effective solution to address the human resources department's concerns while enhancing security for the organization.