During a penetration test for ABC Corp, you identified that the password policy allows users to set extremely common passwords and does not enforce password complexity. As part of your report to the company's management, which of the following recommendations would be MOST appropriate to address this vulnerability?
Encourage the use of biometric authentication for all users to replace passwords.
Increase the frequency of security monitoring to catch potential breaches.
Advise the company to eliminate passwords entirely in favor of a physical token-based system.
Enforce password complexity requirements within the organization's password policy.
Limit the number of login attempts to three before locking out the user account.
Implement an account expiration policy that forces users to re-register every 90 days.
To mitigate the risk of weak passwords being exploited, it is recommended that password policies enforce criteria for complexity (e.g., uppercase, lowercase, numbers, and special characters). This recommendation is appropriate because it directly addresses the identified weakness in the company's password policy by suggesting a standard best practice for password management. Other options, like increasing monitoring or encouraging biometric use, may also contribute to security but do not directly address the core issue of password weaknesses as effectively as enforcing password complexity.