A company's IT security policy mandates the use of multifactor authentication to access corporate email on mobile devices. An employee, who has recently been issued a new company phone, needs to configure access to their corporate email. The phone is already set up to receive an SMS message as the first form of authentication. Which of the following would be the BEST option to satisfy the policy's second factor requirement?
Instruct the employee to set a complex passcode that must be entered to unlock the device before accessing the email application.
Configure a biometric scan, such as fingerprint or facial recognition, to be required upon accessing the corporate email application.
Set up a secure folder within the device where corporate emails can be stored separately from personal data.
Add multiple email addresses as a recovery option for the corporate email account.
A biometric scan is considered a strong second factor for authentication because it uses something the user 'is' (inherent factor). SMS messages provide something the user 'has' (possession factor), and together they make a robust two-factor authentication system. Setting a complex passcode or using a secure folder within the device, while good security measures on their own, are not considered a separate factor from something the user knows (knowledge factor). Including multiple email addresses does not count as a method of two-factor authentication at all.