An organization wants a sign-on method that eliminates user-managed secrets and reduces the risk of stolen credentials. Which method best addresses this goal?
Have the user keep a pass phrase in a protected vault and rotate it regularly
Generate a one-time numeric entry and send it by text for each login
Prompt users to provide a PIN when an encrypted challenge message appears
Use a dedicated hardware item that secures a cryptographic key for sign-on
A hardware-based key approach provides a strong mechanism that does not rely on user-managed secrets. It limits exposure by relying on cryptographic keys instead of a memorized sequence. Methods like one-time codes, pass storage services, and PIN-based challenges still involve secrets that can be intercepted or guessed. By leveraging a discrete device that performs the cryptographic exchange, the credentials do not exist in a format that attackers can easily capture or reuse.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a hardware-based key and how does it work?
Open an interactive chat with Bash
Why are user-managed secrets considered less secure?
Open an interactive chat with Bash
What is the role of cryptographic keys in secure authentication?