Describe one security measure that could be used, in addition to a password, to make sure that a user is who they are claiming to be [2]
Answer
1 mark for method, 1 mark for valid expansion
- A code can be sent to your phone as a (text) message/in an email/as a pop-up to one of your devices...
- the user then types in the code (as well as the password) any hacker would need to access the phone as well as the password
- An authenticator app on a mobile phone...
- this generates a code which the user uses to complete the log-in
- Use two-factor authentication/2FA // strong customer/multi-factor authentication...
- this asks for a second form of identification such as something you know/possess/are
- Biometrics...
- (to be authenticated) reference data is compared to the individual’s (unique) biometric data
- Smart cards/fobs....
- the user inserts a Smart Card to a reader and enters the PIN, the authentication request is then verified (using digital certificates)
- Ask security / memorable question...
- the user is asked a question that only they know the answer to