A company's leadership has mandated the implementation of stronger controls around password management to improve security posture. As part of this initiative, the CISO is revising the company's password policy. Which of the following changes to the password policy BEST aligns with effective security governance practices?
Mandating biometric authentication in addition to the password for all user accounts.
Increasing the mandatory password change frequency to every 30 days.
Disabling the account lockout feature after several incorrect password attempts.
Implementing a passphrase policy with a mix of upper and lower case letters, numbers, and symbols.
The use of a passphrase with complexity requirements helps in balancing security with usability. Passphrases are generally longer than traditional passwords and can incorporate complexity through the use of mixed-case letters, numbers, and symbols, making them more resistant to brute force attacks. The phrase structure also aids in memorability, potentially reducing the likelihood of password sharing and reuse. While requiring biometrics adds a level of security, it is not specifically a password policy change. Frequent password changes can lead to users selecting less secure passwords due to fatigue. Disabling account lockout negates a vital security control against brute force attacks.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a passphrase and how is it different from a traditional password?
Open an interactive chat with Bash
Why is it important to have complexity requirements in password policies?
Open an interactive chat with Bash
What are the potential downsides of requiring frequent password changes?