An IT administrator must strengthen remote logon security for employees who currently sign in with only a username and password. Management wants the MOST secure authentication option that still keeps passwords in place. Which of the following configurations would BEST meet this requirement?
Password only
Password plus a six-digit code sent by SMS
Password plus a FIDO2-compliant hardware security key
Password plus a built-in fingerprint reader on the same laptop
Combining a hardware security key with the existing password adds a phishing-resistant possession factor to the knowledge factor. The key performs cryptographic challenge-response and must be physically present, making it far harder to intercept or replay. SMS codes are susceptible to SIM-swap and interception, a built-in fingerprint reader does not provide a separate physical device and can be spoofed, and a password alone offers the least protection.