A company has client computers that run Windows 8.1.
The company implements the following security requirements:
All client computers must use two-factor authentication.
At least one authentication method must include exactly four characters or gestures.
You need to choose authentication methods that comply with the security requirements.
Which two authentication methods should you choose? (Each correct answer presents part of the solution. Choose two.)
A. PIN
B. Biometric authentication
C. Picture password
D. Microsoft account
Correct Answer: AB
Explanation/Reference:
Something the user knows: PIN (4 digits)
One might be tempted to think the photo for the picture password is something the user has.
But it is also something the user knows:
the user knows how to draw the gestures (a picture password supports a maximum of 3 gestures), and it is not a physical object (like a token, smart card …).
The Microsoft account is also something the user knows.
So the second answer must be Biometric authentication.
Two-factor authentication requires the use of two of the three authentication factors:
Something the user knows (e.g., password, PIN);
Something the user has (physical object) (e.g., ATM card, smart card); and
Something the user is (e.g., biometric characteristic, such as a fingerprint).
The factors are identified in the standards and regulations for access to U.S. Federal Government systems.
http://en.wikipedia.org/wiki/Multi-factor_authentication
Multi-factor authentication
..
Two-factor authentication requires the use of two of the three authentication factors. The factors are identified in the standards and regulations for access to U.S. Federal Government systems. These factors are:
Something only the user knows (e.g., password, PIN, pattern);
Something only the user has (e.g., ATM card, smart card, mobile phone); and
Something only the user is (e.g., biometric characteristic, such as a fingerprint).
1. Something the user knows: PIN
http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-4-configure-access-to-resources-14/
Sign-in with a PIN code (4-digit code) is not possible for a domain user; it is not even visible in PC Settings -> Users (if the machine is not domain joined, you see it). To enable it even for domain-joined computers/users, you can enable the policy Turn on PIN sign-in, and it becomes visible.
2. Something only the user is: Biometric authentication
http://john.bryntze.net/jbkb-v2/certification-exam-70-687-configuring-windows-8-part-4-configure-access-to-resources-14/
Biometric authentication in Windows 8 is built on the Windows Biometric Framework and relies on the Windows Biometric Service, which is set to start manually by default.
Further information:
Something the user knows: Picture password
Problem: limited to 3 gestures
Something the user knows: Microsoft account
Problem: not limited to 4 characters