Which of the following methods is the BEST approach to mitigate against an attacker attempting to use multiple passwords against a single account to gain unauthorized access?
Enforce password complexity requirements
Change default passwords
Implement an account lockout threshold
Implement multi-factor authentication