Your company has recently updated its information security policy to include more robust requirements for user authentication. You are tasked with ensuring that password management adheres to the new standards, which include regular password changes and complexity requirements. What is an acceptable method to enforce these updated policies?
Enforce a password history policy that prevents the reuse of the last 24 passwords.
Mandate password changes only after a confirmed security incident occurs.
Email users their new passwords each month to ensure they are regularly updated.
Allow users to reuse the same password with incremental changes, such as adding a number each time.
Implementing a password-history control that prevents users from reusing a significant number of previous passwords helps ensure genuinely new credentials are chosen at each mandated change. This reduces the risk that an attacker can leverage credentials compromised in the past. Methods such as allowing minor incremental changes to old passwords, emailing passwords on a schedule, or requiring changes only after a confirmed breach do not meet the policy's requirement for proactive, secure password rotation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a password history policy?
Open an interactive chat with Bash
Why are incremental password changes, like adding a number, insecure?
Open an interactive chat with Bash
What are examples of password complexity requirements?