Your company's security policy mandates the implementation of measures to defend against password-guessing attacks on user accounts. As part of strengthening the defense, which of the following would most effectively mitigate the risk of a dictionary attack?
Disable user accounts outside of business hours
Require passwords to be changed every 30 days
Enforce an account lockout policy after three unsuccessful login attempts
Enforce a minimum password length of eight characters
Implementing account lockout policies after a certain number of failed login attempts helps prevent attackers from repeatedly trying different passwords until they find the correct one. By limiting the number of guesses, it reduces the effectiveness of dictionary attacks. Longer, complex passwords and regular password changes are good practices, but they do not directly prevent multiple automated guesses like an account lockout policy does. Disabling user accounts after hours may reduce the attack window but does not prevent the attack itself.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a dictionary attack?
Open an interactive chat with Bash
Why is an account lockout policy effective against dictionary attacks?
Open an interactive chat with Bash
What are some other measures to enhance password security?