An organization wants a sign-on method that eliminates user-managed secrets and reduces the risk of stolen credentials. Which method best addresses this goal?
Prompt users to provide a PIN when an encrypted challenge message appears
Have the user keep a pass phrase in a protected vault and rotate it regularly
Use a dedicated hardware item that secures a cryptographic key for sign-on
Generate a one-time numeric entry and send it by text for each login
A hardware-based key approach provides a strong mechanism that does not rely on user-managed secrets. It limits exposure by relying on cryptographic keys instead of a memorized sequence. Methods like one-time codes, pass storage services, and PIN-based challenges still involve secrets that can be intercepted or guessed. By leveraging a discrete device that performs the cryptographic exchange, the credentials do not exist in a format that attackers can easily capture or reuse.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a hardware-based cryptographic key?
Open an interactive chat with Bash
Why are secrets like passphrases or PINs more vulnerable?
Open an interactive chat with Bash
How does cryptographic exchange improve security during sign-on?