A system administrator wants to configure a setting that will make offline password cracking more
challenging. Currently the password policy allows upper and lower case characters a minimum length of 5
and a lockout after 10 invalid attempts. Which of the following has the GREATEST impact on the time it
takes to crack the passwords?
A.
Increase the minimum password length to 8 while keeping the same character set
B.
Implement an additional password history and reuse policy
C.
Allow numbers and special characters in the password while keeping the minimum length at 5
D.
Implement an account lockout policy after three unsuccessful logon attempts
Offline password cracking can be deployed when you have access to the hash of the password, and the processing is performed on your own system. Now why some who cracking the password need to set an account lockout policy on his computer(which mean one part of his mind want to crack it and the other part don’t).
I vote C.
0
0
Lockout policies only impact if someone is trying to actively do an online attack. when you do an offline attack, normally, you steal the SAM database and run it through L0phtcrack or something similar. D is just wrong.
To make the password cracker take longer, you increase the min length of the password and induce complexity. C is correct.
0
0
Sorry guys. It’s A
https://blogs.technet.microsoft.com/msftcam/2015/05/19/password-complexity-versus-password-entropy/
– Password lengths are significantly more important than password complexity requirements
– Password complexity only prevents users from creating easy-to-guess passwords
– Password complexity actually reduces the total number of possible passwords in a key-space
– In theory, the most secure password policy would define a longer-length password with no other complexity requirements with a very large dictionary that consists of all easily-guessable passwords
1
0