Are you studying for the CEH certification?
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
Which of these methods of Brute Force mitigation is able to completely defeat an online password attack and places complete account control in the hands of the user?
CAPTCHA
All are correct
Authentication re-attempt delay
Two-Factor Authentication
IP Blocking via Intrusion Prevention System
Account Lockout
Of all of these, only Two-Factor Authentication (2FA) fits the description. CAPTCHA, Account Lockout, and Authentication Delay are only able to mitigate attacks against one account. Most online brute-force attacks target multiple accounts with one password, and authentication delays, and IP blocking can be circumvented by proxies. 2FA places a secondary, temporally-generated password key in the hands of the user via smart-phone or e-mail that can only be entered one time. Brute-Forcers are, as of yet, unable to circumvent this system, which is entirely elective of the user. :)(: Unless, of course, your two factor is transmitted via SMS in which case you are wide open to the S7 vulnerability which can allow the attacker to receive your authentication code. And that costs ~$100 to set-up via certain websites. :)(:
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.