Users are issued security tokens to be used in combination with a PIN to access the corporate
virtual private network (VPN). Regarding the PIN, what is the MOST important rule to be included
in a security policy?
Users should not leave tokens where they could be stolen
Users must never keep the token in the same bag as their laptop computer
Users should select a PIN that is completely random, with no repeating digits
Users should never write down their PIN
If a user writes their PIN on a slip of paper, an individual with the token, the slip of paper, and the
computer could access the corporate network. A token and the PIN is a two-factor authentication
method. Access to the token is of no value with out the PIN; one cannot work without the other.
The PIN does not need to be random as long as it is secret.