Question

In: Computer Science


Which of the following is a compensating control that will BEST reduce the risk of weak passwords?

  • Requiring the use of one-time tokens
  • Increasing password history retention count
  • Disabling user accounts after exceeding maximum attempts
  • Setting expiration of user passwords to a shorter time

Solutions

Expert Solution

Answer:

Requiring the use of one-time tokens

A one-time password (OTP), also known as one-time pin, is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid a number of shortcomings that are associated with traditional (static) password-based authentication; a number of implementations also incorporate two-factor authentication by ensuring that the one-time password requires access to something a person has (such as a small keyring fob device with the OTP calculator built into it, or a smartcard or specific cellphone) as well as something a person knows (such as a PIN).

There are also different ways to make the user aware of the next OTP to use. Some systems use special electronic security tokens that the user carries and that generate OTPs and show them using a small display. Other systems consist of software that runs on the user's mobile phone. Yet other systems generate OTPs on the server side and send them to the user using an out-of-band channel such as SMS messaging. Finally, in some systems, OTPs are printed on paper that the user is required to carry.

A time-synchronized OTP is usually related to a piece of hardware called a security token (e.g., each user is given a personal token that generates a one-time password). It might look like a small calculator or a keychain charm, with an LCD that shows a number that changes occasionally. Inside the token is an accurate clock that has been synchronized with the clock on the proprietary authentication server. On these OTP systems, time is an important part of the password algorithm, since the generation of new passwords is based on the current time rather than, or in addition to, the previous password or a secret key. This token may be a proprietary device, or a mobile phone or similar mobile device which runs software that is proprietary, freeware, or open-source. An example of a time-synchronized OTP standard is the Time-based One-time Password Algorithm (TOTP).

