During an internal audit of a financial institution, the auditor identifies that the current password policy requires users to create passwords that are easy to remember and encourages the inclusion of memorable dates and phrases. The auditor is likely to recommend an amendment to this policy. Which of the following changes to the password policy would most effectively increase the security of user accounts?
Password must be based on a pattern of keys on the keyboard, such as sequential letter and number combinations, to simplify the creation process.
Password must be a minimum of 14 characters and include a combination of uppercase and lowercase letters, digits, and symbols.
Password must include elements based on user hobbies or interests to improve memorability, thus enhancing security by reducing the use of written-down passwords.
Password should be updated frequently, suggesting a rotation every month to prevent long-term use.