Which of the following would BEST improve security while meeting these requirements?

A security architect has been assigned to a new digital transformation program. The objectives are to provide better capabilities to customers and reduce costs.

The program has highlighted the following requirements:

✑ Long-lived sessions are required, as users do not log in very often.

✑ . The solution has multiple SPs, which include mobile and web applications.

✑ A centralized IdP is utilized for all customer digital channels.

✑ . The applications provide different functionality types such as forums and customer portals.

✑ . The user experience needs to be the same across both mobile and web-based applications.

Which of the following would BEST improve security while meeting these requirements?
A . Social login to IdP, securely store the session cookies, and implement one-time passwords sent to the mobile device
B . Create-based authentication to IdP, securely store access tokens, and implement secure push notifications.
C . Username and password authentication to IdP, securely store refresh tokens, and implement context-aware authentication.
D . Username and password authentication to SP, securely store Java web tokens, and implement SMS OTPs.

View Answer

Answer: A