During an assessment of a confidential medical records platform, you discover that employees rely on passphrase-based sign-ins. The company's senior management wants to reduce the risks tied to account breaches while not requiring staff to carry extra hardware. Which additional step would best increase resilience against compromised passwords?
A mandatory challenge question referencing past addresses
A common login gateway that reuses the same passphrase throughout the day
A mobile application that requests confirmation for each login attempt
An emailed sign-on link triggered whenever someone signs in
A separate prompt or passcode bolsters protection because it verifies access requests with a different factor, such as a secure application on a separate device. An emailed link is vulnerable if the mailbox is hijacked, challenge questions are not strong when answers can be guessed or stolen, and reusing the same passphrase through a common gateway does not mitigate compromise. Confirming logins with an app-based approach provides both security and user convenience.