An administrator is tasked with enhancing the password policy to protect against unauthorized attempts to guess user credentials. Which of the following would be the BEST method to mitigate the risk of these types of attacks?
Implement an account lockout policy after three unsuccessful login attempts
Increase the minimum password length requirement to 16 characters
Require users to change their password every 30 days
Set up alerts to monitor accounts for a high number of failed login attempts
Account lockout policies are specifically designed to prevent brute force attacks by locking an account after a certain number of failed login attempts. This directly mitigates the risk by stopping the attacker from continuously trying different password combinations. Using longer passwords increases the difficulty of success for an attacker but does not block continuous attempts. Frequent password changes can be counterproductive as they might lead to weaker password choices by users. Monitoring for failed logins is a reactive measure which helps in identifying that a brute force attack may be occurring but does not prevent it.