CERTIFIED-IN-CYBERSECURITY Question #148: Real Exam Question with Answer & Explanation

Question

Which of these technologies is the LEAST effective means of preventing shared accounts?

Options

• ARequiring one-time passwords via a token
• BRequiring biometric authentication
• CPassword complexity requirements
• DRequiring a one-time password via an application

Explanation

Password complexity requirements do not prevent the sharing of complex passwords, making it the least effective option from the list. Enforcing complex passwords is a good practice for improving account security, but it does not effectively prevent account sharing. Users can still share complex passwords, making this the least effective measure for preventing account sharing. For example, consider a scenario in an enterprise environment where a team shares a single account for a software tool. Even if the password is complex, one team member can easily share the password with others, defeating the purpose of individual accountability and potentially compromising security. The other options are more effective at preventing shared accounts. Requiring biometric authentication requires the registered user to be physically present when logging in, making account sharing much more difficult. One-time passwords via a token or application are difficult to share because they are valid for a single login session and then expire. With one-time passwords, even if a user wanted to share their account, they would have to share the token or give access to the application that generates the one-time password each time, which is very inconvenient and discourages account sharing. Therefore, these methods are more effective at preventing account sharing than password complexity requirements.

No community discussion yet for this question.