An organization wants to formalize requirements such as minimum length, character complexity, and mandatory change intervals for employee logon credentials. Under security governance documentation, what specific set of rules would normally outline these requirements?
A password policy is the collection of organizational rules that specifies how users create and maintain their passwords. Typical elements include minimum length, required character types, reuse restrictions, and how often the password must be changed. Enforcing these standards reduces the chance of brute-force or credential-stuffing attacks. The other documents focus on auditing practices, information classification, or network settings, none of which directly control user credential requirements.