A company that relies heavily on temporary staff members needs to secure shared physical workstations. The primary security goals are to ensure that all actions can be traced to a specific individual and to minimize the risk of account sharing. Which of the following methods best meets these requirements?
Use a prompt requiring a one-time code from a distinct source during each session.
Enforce an automatic screen lock after one minute of inactivity on all workstations.
Issue individual accounts for each temporary staff member.
Mandate rotation of passcodes on a periodic schedule.
Using a prompt that requires a one-time code from a distinct source (e.g., a mobile authenticator app) for each session is the best solution. This method, a form of multi-factor authentication (MFA), directly links the session to an individual's unique credential, ensuring accountability. Periodic passcode rotation is insufficient as it does not prevent a shared password from being distributed. Issuing individual accounts is a necessary foundational step but does not stop an authenticated user from letting another person use their active session. Enforcing an automatic screen lock secures unattended workstations but does not solve the core problem of verifying the user's identity at the beginning of a session or preventing credential sharing.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a one-time code, and how does it enhance security?
Open an interactive chat with Bash
What is the advantage of multi-factor authentication (MFA) over rotating passwords?
Open an interactive chat with Bash
How does issuing individual accounts differ from one-time code authentication in this context?