A company's bring-your-own-device (BYOD) policy requires every employee mobile device to use two-factor authentication (2FA) before any corporate email or application can be opened. Which method BEST satisfies this security requirement?
Protect each device with a fingerprint scanner only.
Rely solely on security questions for employee verification.
Use an authenticator app that generates time-based one-time passwords.
Require SMS text-message verification codes sent to the employee's phone.
An authenticator app that creates time-based one-time passwords (TOTPs) offers strong 2FA because the codes are generated locally, are valid for only 30-60 seconds, and are not tied to the phone number. This makes them immune to SIM-swapping and SMS interception attacks and allows use even when the device has no cellular or Wi-Fi connectivity. SMS codes, security questions, fingerprints alone, or similar single-factor methods do not meet the same security level or the definition of 2FA.