CompTIA Security+ (SY0-501) — Question 455
A security administrator is developing training for corporate users on basic security principles for personal email accounts.
Which of the following should be mentioned as the MOST secure way for password recovery?
Answer options
- A. Utilizing a single question for password recovery
- B. Sending a PIN to a smartphone through text message
- C. Utilizing CAPTCHA to avoid brute force attacks
- D. Use a different e-mail address to recover password
Correct answer: B
Explanation
The most secure method for password recovery is sending a PIN to a smartphone through text message (B), as it provides an additional layer of verification that is tied to the user's device. A single recovery question (A) is weak because its answer can be easily guessed or researched by attackers. While CAPTCHA (C) helps prevent automated attacks, it does not assist in the recovery process. Using a different e-mail address (D) might also be insecure if that account is compromised.