An organizations’ security policy requires that users change passwords every 30 days. After a
security audit, it was determined that users were recycling previously used passwords. Which of
the following password enforcement policies would have mitigated this issue?
A.
Password history
B.
Password complexity
C.
Password length
D.
Password expiration
Explanation:
Password history determines the number of previous passwords that cannot be used when a user
changes his password. For example, a password history value of 5 would disallow a user from
changing his password to any of his previous 5 passwords. However, without a minimumpassword age setting, the user could change his password six times and cycle back to his original
password.