An organization hosts a public-facing website that contains a login page for users who are registered and authorized to access a secure, non-public section of the site. That non-public site hosts information that requires multifactor authentication for access. Which of the following access management approaches would be the BEST practice for the organization?
A. Username/password with TOTP
B. Username/password with pattern matching
C. Username/password with a PIN
D. Username/password with a CAPTCHA
Just another person saying D is the answer simply because if your email is hacked, there goes your username and password), with a captcha as Alex mentioned earlier is something you do. And it’s effective against brute force attacks.
The answer is D, the reason is that, username & password is something you know then with CAPTCHA is some thing you do.
Just another person chiming in to say that A is indeed the correct answer.
Answer is definitely A. CAPTCHA is not part of multifactor.
multifactor authentication > Answer is A
something you know, something you have