What is considered a secure practice for password resets?


Multiple Choice

What is considered a secure practice for password resets?

Explanation:

Secure password resets hinge on a user-initiated process that genuinely proves identity and keeps a record of what happens. The best approach is a self-service reset that uses multi-factor authentication and audit trails. MFA requires the person resetting the password to demonstrate multiple factors of identity (for example, something they know plus something they have), making unauthorized resets much harder. The audit trail records who performed the reset, when, and from where, providing accountability and a way to detect suspicious activity.

This approach avoids insecure practices like relying on challenge questions, which can be guessed or researched, and it avoids bottlenecks and potential insider risk from having resets handled only by IT staff. Allowing users to initiate a secure reset is essential; it’s not about never resetting passwords, but about ensuring the reset is done through a safe, verifiable process.

So, self-service reset with MFA and audit trails is the best-fit practice.
