After an internal penetration test showed that short employee passwords were cracked in minutes, management wants to update the corporate password policy. Which revised requirement BEST aligns with common enterprise standards for stronger user credentials?
Keep the current complexity rules but lower the minimum length to 8 characters
Set a minimum of 12 characters and require at least three of the following: uppercase letter, lowercase letter, number, symbol
Require 12-character passwords composed only of lowercase letters
Implement 6-digit numeric PINs that must be changed every 90 days
Longer passwords that include multiple character classes drastically increase the keyspace, making brute-force and dictionary attacks far slower. Requiring 12+ characters and at least three of the four character types (uppercase, lowercase, digit, symbol) is consistent with many higher-education and corporate standards. By contrast, keeping an eight-character minimum, limiting characters to lowercase only, or relying on a short numeric PIN still leaves passwords vulnerable to automated guessing tools.
Michigan Tech's published standard requires a minimum of 12 characters and at least three character classes.
CISA guidance urges long, random, mixed-character passwords and highlights that short or simple strings are easily cracked.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why does increasing password length improve security?
Open an interactive chat with Bash
What are the benefits of requiring multiple character types in a password?
Open an interactive chat with Bash
What is the difference between a PIN and a password in terms of security?