Describe one security measure that could be used, in addition to a password, to make sure that a user is who they are claiming to be.
How to approach this question
1. Think of methods of authentication that aren't just "something you know" (like a password). Consider "something you have" or "something you are".
2. Choose one method, for example, biometrics or two-factor authentication (2FA).
3. Describe how it works. For biometrics, explain that it uses a unique physical trait. For 2FA, explain that it requires a second code from a separate device.
Full Answer
**Biometric authentication:** This uses a unique physical characteristic of the user, such as a fingerprint scan, facial recognition, or iris scan. The system compares the live biometric data with a stored template to verify the user's identity. This is more difficult to fake or steal than a password.
A common and effective security measure to supplement passwords is **Two-Factor Authentication (2FA)** or **Multi-Factor Authentication (MFA)**.
**Description:** 2FA adds a second layer of security to the login process. After a user enters their correct password (the first factor - "something you know"), they are required to provide a second piece of evidence to prove their identity. This second factor is typically:
- **Something you have:** A one-time code generated by an authenticator app on their smartphone, or sent to them via SMS.
- **Something you are:** A biometric input like a fingerprint or face scan.
By requiring this second factor, even if an attacker steals the user's password, they still cannot access the account without also having physical access to the user's phone or their biometric data.
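The authenticator-app code described above is usually a time-based one-time password (TOTP, RFC 6238). The sketch below is an added example, not part of the original answer: the function names are hypothetical and the shared secret is the published RFC test value, used here only so the output can be checked.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid
DIGITS = 6   # length of the code shown in the app

# Constructed sample: the RFC 4226/6238 test secret. A real secret is random,
# generated per user at enrolment and shared with the app (often via QR code).
SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """Code for the 30-second window containing unix_time (HMAC-SHA1 variant)."""
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_second_factor(secret: bytes, submitted: str, unix_time: int,
                         drift_steps: int = 1) -> bool:
    """Accept the current window or one either side, to allow for clock drift."""
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, unix_time + step * STEP)
        # Constant-time comparison so timing does not leak matching digits.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


def login(password_ok: bool, secret: bytes, submitted_code: str,
          unix_time: int) -> bool:
    """Both factors must pass: something you know AND something you have."""
    return password_ok and verify_second_factor(secret, submitted_code, unix_time)


if __name__ == "__main__":
    now = 59  # constructed timestamp matching the RFC test vector
    print("code on the phone:", totp(SECRET, now))
    print("password + code:", login(True, SECRET, totp(SECRET, now), now))
    print("stolen password, guessed code:", login(True, SECRET, "000000", now))
```

The server and the phone never exchange the code in advance; both derive it from the shared secret and the current time, which is why a stolen password alone is not enough.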
Common mistakes
✗ Just naming a method (e.g., "biometrics") without describing it.
✗ Describing a way to make passwords stronger (e.g., "use more characters"), as this is not an *additional* measure.
✗ Naming a brand like "Google Authenticator" without explaining the underlying concept (2FA).