During an assessment of a confidential medical records platform, you discover that employees rely on passphrase-based sign-ins. The company's senior management wants to reduce the risks tied to account breaches while not requiring staff to carry extra hardware. Which additional step would best increase resilience against compromised passwords?
A common login gateway that reuses the same passphrase throughout the day
A mandatory challenge question referencing past addresses
An emailed sign-on link triggered whenever someone signs in
A mobile application that requests confirmation for each login attempt
A separate prompt or passcode bolsters protection because it verifies access requests with a different factor, such as a secure application on a separate device. An emailed link is vulnerable if the mailbox is hijacked, challenge questions are not strong when answers can be guessed or stolen, and reusing the same passphrase through a common gateway does not mitigate compromise. Confirming logins with an app-based approach provides both security and user convenience.