Multifactor Authentication: Best Practices for Enhanced Security

The Set of Actions for Multifactor Authentication

Question

Which set of actions satisfies the requirement for multifactor authentication?

Answers

Explanations

A. B. C. D.

C.

This is an example of how two-factor authentication (2FA) works:

1. The user logs in to the website or service with their username and password.
2. The password is validated by an authentication server and, if correct, the user becomes eligible for the second factor.
3. The authentication server sends a unique code to the user's second-factor method (such as a smartphone app).
4. The user confirms their identity by providing the additional authentication for their second-factor method.
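The four steps above as a server-side sketch, added here as an example and not code from the original page. The class, function and parameter names, the 6-digit code, the 120-second lifetime and the 3-attempt limit are assumptions; `send_code` stands in for whatever channel delivers the code to the user's second-factor device.

```python
import hashlib, hmac, secrets, time

CODE_TTL = 120    # seconds a code stays valid (assumed value)
MAX_TRIES = 3     # wrong codes tolerated per login attempt (assumed value)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class TwoStepLogin:
    def __init__(self, send_code, clock=time.time):
        self.users = {}              # username -> (salt, password hash)
        self.pending = {}            # username -> [code, expires_at, tries_left]
        self.send_code = send_code   # hypothetical delivery hook (app push, etc.)
        self.clock = clock

    def enroll(self, username, password):
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt))

    def submit_password(self, username, password):
        """Steps 1-3: validate the password, then issue and send a unique code."""
        # Unknown users still go through the hash so both paths cost the same.
        salt, stored = self.users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return False
        code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, not random.random()
        self.pending[username] = [code, self.clock() + CODE_TTL, MAX_TRIES]
        self.send_code(username, code)
        return True

    def submit_code(self, username, code):
        """Step 4: accept the code once, before expiry, within the try limit."""
        entry = self.pending.get(username)
        if entry is None:            # second factor is never accepted on its own
            return False
        expected, expires_at, tries_left = entry
        if self.clock() > expires_at or tries_left <= 0:
            del self.pending[username]
            return False
        if hmac.compare_digest(code.encode(), expected.encode()):
            del self.pending[username]   # single use: a replayed code fails
            return True
        entry[2] -= 1                # count the wrong guess
        return False
```

The code check only succeeds for a user who has already passed the password step, which is what makes the two factors cumulative rather than alternative.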

Multifactor authentication (MFA) is a security process that requires users to provide two or more authentication factors to verify their identity. Each authentication factor should be unique and independent, such as something you know (like a password), something you have (like a key fob), or something you are (like biometrics).

Out of the given options, option C satisfies the requirement for multifactor authentication.

Option A only requires the user to enter the same authentication factor twice (a password), which does not provide the required two-factor authentication.

Option B also relies on only one category of authentication factor: the user provides something they have (a key fob) and then follows it up with another step (clicking an email link) that is still related to something they have. This is not considered a true MFA process because both factors fall under the same category of authentication.

Option D requires the user to provide two authentication factors (something they have - an RSA token and something they know - a PIN), but they are both entered into the same device or system, which makes them related and not truly independent factors.

Option C, on the other hand, requires the user to provide two independent factors - something they know (a password) and something they have (a mobile device). The mobile device generates a notification that the user must click on to complete the authentication process. This provides an additional layer of security beyond just the password.

In summary, for multifactor authentication to be effective, it should require two or more independent authentication factors that cannot be easily compromised or shared. Option C satisfies this requirement, while the other options fall short in some way.