A security administrator is updating the company's password policy to enhance user account security. The primary goal is to implement a control that is most effective at preventing brute-force and dictionary attacks. Which of the following policy requirements should the administrator enforce?
Enforce complexity requirements, including mixed case, numbers, and special characters.
Mandate that all user passwords expire every 90 days.
Prohibit users from reusing the same password across multiple internal systems.
Require a minimum password length of eight characters.
Enforcing password complexity, which requires a mix of upper-case letters, lower-case letters, numbers, and special characters, is the most effective control against brute-force and dictionary attacks. Simple passwords and password reuse make accounts vulnerable. While periodic password expiration was a common practice, modern standards from NIST advise against it unless there is evidence of compromise, as it often leads to weaker passwords.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why are complex passwords harder to crack?
Open an interactive chat with Bash
What is a brute force attack?
Open an interactive chat with Bash
How do dictionary attacks work, and why are they dangerous?