A project team is developing requirements of the new version of a web application used by internal and
external users. The application already features username and password requirements for login, but the
organization is required to implement multifactor authentication to meet regulatory requirements. Which
of the following would be added requirements will satisfy the regulatory requirement? (Select THREE.)

A.
Digital certificate

B.
Personalized URL

C.
Identity verification questions

D.
Keystroke dynamics

E.
Tokenized mobile device

F.
Time-of-day restrictions

G.
Increased password complexity

H.
Rule-based access control