Which of the following is typically NOT a consideration in the design of passwords?

A.
Lifetime

B.
Electronic monitoring

C.
Authentication period

D.
Composition

Explanation:
Electronic monitoring is the eavesdropping on passwords that are being transmitted to the
authenticating device. This issue is a technical one and is not a consideration in designing passwords.
The other answers relate to very important password characteristics that must be taken into account
when developing passwords. Password lifetime, in answer a, refers to the maximum period of time
that a password is valid. Ideally, a password should be used only once. This approach can be
implemented by token password generators and challenge response schemes. However, as a
practical matter, passwords on most PC’s and workstations are used repeatedly. The time period
after which passwords should be changed is a function of the level of protection required for the
information being accessed. In typical organizations, passwords may be changed every three to six
months. Obviously, passwords should be changed when employees leave an organization or in a
situation where a password may have been compromised. Answer “the composition of a password”

defines the characters that can be used in the password. The characters may be letters, numbers, or
special symbols. ” The authentication period” defines the maximum acceptable period between the
initial authentication of a user and any subsequent reauthorization process. For example, users may
be asked to authenticate themselves again after a specified period of time of being logged on to a
server containing critical information.