A project team is developing requirements of the new version of a web application used by internal and external users. The application already features username
and password requirements for login, but the organization is required to implement multifactor authentication to meet regulatory requirements. Which of the
following would be added requirements will satisfy the regulatory requirement? (Select THREE.)

A.
Digital certificate

B.
Personalized URL

C.
Identity verification questions

D.
Keystroke dynamics

E.
Tokenized mobile device

F.
Time-of-day restrictions

G.
Increased password complexity

H.
Rule-based access control