Your company has recently updated its information security policy to include more robust requirements for user authentication. You are tasked with ensuring that password management adheres to the new standards, which include regular password changes and complexity requirements. What is an acceptable method to enforce these updated policies?
Allow users to reuse the same password with incremental changes, such as adding a number to the end each time.
Implement a policy that mandates password changes only following a confirmed security incident.
Avoid informing users about the complexity requirements to ensure they choose passwords that are easy for them to remember.
Enforce a password history policy that prevents the reuse of the last 24 passwords.
Encourage users to write down their passwords and store them securely in their desk drawers.
Email users their new passwords monthly to ensure they are regularly updated.
Implementing a password history policy that prevents the reuse of a specified number of previous passwords ensures that users do not recycle their passwords when a change is required, which enhances security by reducing the potential effectiveness of previously compromised credentials. Other options such as reusing the same password with incremental changes, emailing passwords, or only changing passwords after a security incident do not meet the robust requirements of a stringent information security policy and do not encourage good password hygiene.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a password history policy?
Open an interactive chat with Bash
Why are complexity requirements important for passwords?
Open an interactive chat with Bash
What are some good practices for password management?