An administrator has implemented a policy that passwords expire after 60 days and cannot match their last six previously used passwords. Users are bypassing this policy by immediately changing their passwords six times and then back to the original password. Which of the following can the administrator MOST easily employ to prevent this unsecure practice, with the least administrative effort?

A.
Create a policy that passwords must be no less than ten characters.

B.
Monitor user accounts and change passwords of users found to be doing this.

C.
Create a policy that passwords cannot be changed more than once a day.

D.
Monitor user accounts and lock user accounts that are changing passwords excessively.