An organizations’ security policy requires that users change passwords every 30 days. After a
security audit, it was determined that users were recycling previously used passwords. Which of
the following password enforcement policies would have mitigated this issue?

A.
Password history

B.
Password complexity

C.
Password length

D.
Password expiration