Question Scenario :– You want to log in to your account on website A. When you open the login page, you see 3 fields: a username field, a password field, and an OTP field. You enter your username, which is your identity, and your password, which is a Type 1 authentication factor, i.e. something you know. The last field is the OTP, a one-time password that is generated by the server and sent to your mobile phone. You have to enter it within 120 seconds. If you do not enter it within 120 seconds, the session expires on the server and you are asked to refresh the page. Refreshing the page resets the cookie and gives you a new session.

Question :- What type of authentication is this OTP, and what will be the next step in IAAA?

a) Type 1 and auditing
b) Type 2 and authorization
c) Type 3 and authentication
d) Type 4 and accountability


Answer :- There are 2 ways to solve this problem. The first is to know the Type 1, 2, 3, 4 authentication factors: Type 1 is something you know, like a password; Type 2 is something you have, like a smart card; Type 3 is something you are, like your fingerprint; Type 4 is somewhere you are, like your IP address; and finally Type 5 is something you do, like your pattern-unlock gestures.

The second approach is to know the steps of IAAA, that is: Identity > Authentication > Authorization > Auditing > Accountability

In this case it is b) Type 2 and authorization, because the OTP is something you have and is an authentication factor, so the next step is authorization.

