Certified Information Privacy Technologist (CIPT) — Question 16

A privacy engineer has been asked to review an online account login page. He finds there is no limitation on the number of invalid login attempts a user can make when logging into their online account.
What would be the best recommendation to minimize the potential privacy risk from this weakness?

Answer options

• A. Implement a CAPTCHA system.
• B. Develop server-side input validation checks.
• C. Enforce strong password and account credentials.
• D. Implement strong Transport Layer Security (TLS) to ensure an encrypted link.

Correct answer: A

Explanation

Implementing a CAPTCHA system (Option A) helps to prevent automated brute force attacks by requiring human interaction, thereby reducing the risk of unauthorized access. The other options, while beneficial for security, do not directly address the issue of limiting invalid login attempts and therefore do not mitigate the specific privacy risk identified.