An internal auditing team would like to strengthen the password policy to support special characters. Which of the following types of password controls would
achieve this goal?

A.
Add reverse encryption

B.
Password complexity

C.
Increase password length

D.
Allow single sign on

Explanation:
Generally, the minimum password length is considered to be 8 upper and lowercase characters. The use of at least one non-alpha character like punctuation,
special characters, or numbers, combined with the password length produces strong passwords. Strong passwords are produced by the combination of a
password’s length and complexity.

Incorrect Answers:
A: Typical protocol components, like encryption and hash functions, can be reverse-engineered automatically by tracing the execution of protocol implementations
and trying to identify buffers in memory holding unencrypted packets. It will not strengthen the password policy to support special characters.
C: Increasing the password length will not necessarily support special characters.
D: Single sign-on means that once a user (or other subject) is authenticated into a realm, they need not re-authenticate to access resources on any realm entity. It
will not strengthen the password policy to support special characters.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 284, 292, 293.
http://en.wikipedia.org/wiki/Reverse_engineering