A company has implemented a new security policy that requires all user passwords to be a mix of uppercase and lowercase letters, digits, and symbols. However, the policy does not specify a minimum length for these passwords. As a security consultant, you are evaluating their policy and need to recommend a change that best enhances the strength of user passwords. Which of the following recommendations would most effectively improve password security?
Require passwords to be changed every 30 days without setting a minimum length.
Implement a minimum password length of 16 characters.
Disallow the use of symbols in passwords to prevent complexity.
Implement a minimum password length of 12 characters.