Ian wants to deploy multifactor tokens to his organization. Which of the following provides the greatest security?

Hardware tokens provide the greatest security because they need to be physically present to be used. Application-based tokens are more secure than SMS in many cases because SMS can be redirected or accessed through SIM-swapping and other attacks. Extending password length does not provide a second factor and is the least secure of these options by far.