An information security professional is reviewing user access controls on a customer-facing application. The application must have multi-factor authentication (MFA) in place. The application currently requires a username and password to login. Which of the following options would BEST implement MFA?
Correct Answer: D
Entering an automatically generated number from a hardware token would be the best option to implement multi-factor authentication (MFA) for a customer-facing application. MFA is a method of authentication that requires two or more independent factors to verify the identity of a user, such as something you know, something you have, or something you are. A hardware token is a device that generates a one-time password (OTP) or a personal identification number (PIN) that the user must enter along with their username and password to login. A hardware token provides a strong and secure second factor of authentication, as it is based on something the user has, and it is resistant to phishing, replay, or brute-force attacks. Geolocating the user and comparing to previous logins would not be a good option to implement MFA, as it is based on something the user is, which is a weak and unreliable factor of authentication, as it can be easily spoofed, manipulated, or inaccurate. Requiring a pre-selected number as part of the login would not be a good option to implement MFA, as it is based on something the user knows, which is the same factor as the username and password, and it does not provide any additional security or verification. Having the user answer a secret question that is known to them would not be a good option to implement MFA, as it is also based on something the user knows, and it can be easily guessed, forgotten, or compromised.