An organization is looking to improve its defenses against attackers attempting to guess passwords in order to breach user accounts. Which of the following is the BEST mitigation strategy to protect against such an attack?
Require passwords to meet stronger complexity requirements, including a mix of uppercase, lowercase, numbers, and special characters.
Encrypt all data stored on user devices.
Implement a Virtual Private Network (VPN) for remote access to the network.
Deploy an intrusion detection system to monitor network traffic for suspicious behavior.
Implement an account lockout mechanism after three unsuccessful login attempts.
Add challenge-response questions to the login process.