Which MFA configurations are considered secure, and what fallback methods should be prepared?

Study for the User Account Management Test.

Multiple Choice

Which MFA configurations are considered secure, and what fallback methods should be prepared?

Explanation:
Secure MFA relies on strong, phishing-resistant second factors and plans for when a factor isn’t available. Relying on SMS is risky because codes can be intercepted and the phone number can be SIM-swapped or ported to another user, so it’s not considered a secure stand-alone factor. The best configurations use authenticator apps, hardware tokens, or FIDO2 keys, which generate codes locally or use public-key cryptography and aren’t easily phished or intercepted. Requiring MFA for sensitive or privileged actions adds an extra layer of protection, so even if a password is compromised, critical operations still require a second form of verification.

Backups and recovery are essential. Have recovery codes or other secure fallback methods so users aren’t locked out if their primary factor is unavailable. This can include a secondary authenticator, a backup hardware token, or secure offline recovery options. In short, a secure setup uses modern, resistant second factors, enforces MFA for high-risk actions, and includes reliable recovery options.
