Ann, a security administrator is hardening the user password policies. She currently has the
following in place.
Passwords expire every 60 days
Password length is at least eight characters
Passwords must contain at least one capital letter and one numeric character
Passwords cannot be reused until the password has been changed eight times
She learns that several employees are still using their original password after the 60-day forced
change. Which of the following can she implement to BEST mitigate this?
A.
Lower the password expiry time to every 30days instead of every 60 days
B.
Require that the password contains at least one capital, one numeric, and one special
character
C.
Change the re-usage time from eight to 16 changes before a password can be repeated
D.
Create a rule that users can only change their passwords once every two weeks
None of the answers to my mind fit the bill yet The BEST answer is certainly: “D. Create a rule that users can only change their passwords once every two weeks”
Amongst other things Ann implemented, it clearly states that “Passwords cannot be reused until the password has been changed eight times”
This means that password history has been enabled:
“The Enforce password history policy setting determines the number of unique new passwords that must be associated with a user account before an old password can be reused.”
So if password history has been enabled to up to 8 times, this means that in order for the users to have the same password after a 60 date period, that they changed the password 9 times in two months!
They must love the original password so much….
0
0