Assignmet 8 week 8-BD308-2482420985-Salman Hakiki

pertanyaan:

  1. Why is MFA significantly more secure than a password alone?
  2. Explain Role-Based Access Control (RBAC) and how it helps enforce the principle of least privilege.
  3. What are the security risks associated with not deactivating employee accounts immediately after they leave the company?

status: 100%

keterangan: saya sudah mengerjakan dengan baik dan benar

bukti:

1.

MFA (multi-factor authentication) is much more secure than using a password alone because it does not rely on a single form of identity verification. A password is “something you know,” and the problem is that this can be easily exposed through phishing, data breaches, brute-force attacks, or by being reused across multiple services. Once a password is known by someone else, the account can usually be taken over immediately.

With MFA, the system does not rely on the password alone but requires an additional factor such as “something you have” (for example, a phone, an authenticator app, or a hardware key) or even “something you are” such as a fingerprint or facial recognition. This means that even if the password is stolen, an attacker still cannot log in without access to the second factor.

2.Role-Based Access Control (RBAC) is a security model where access to systems and resources is granted based on a user’s role within an organization, rather than assigning permissions individually to each user. A role represents a collection of permissions that define what someone in that position is allowed to do.

In practice, instead of giving each employee or service direct access to specific resources, you assign them a role such as “admin,” “developer,” or “viewer.” Each role already has predefined permissions. For example, a developer role might allow deploying applications and reading logs, while a viewer role might only allow reading data without making any changes.

3.Not deactivating employee accounts immediately after they leave a company creates a serious security gap because that account is still a valid, trusted identity in the system even though the person no longer has authorization. In practice, it means the organization is keeping an “open door” into its systems without anyone

Previous Post Previous Post
Newer Post Newer Post

Leave a comment