A security administrator determined that the time required to brute force 90% of the company’s password hashes is below the acceptable threshold. Which of the
following, if implemented, has the GREATEST impact in bringing this time above the acceptable threshold?
A.
Use a shadow password file.
B.
Increase the number of PBKDF2 iterations.
C.
Change the algorithm used to salt all passwords.
D.
Use a stronger hashing algorithm for password storage.