A network administrator, Joe, arrives at his new job to find that none of the users have changed their
network passwords since they were initially hired. Joe wants to have everyone change their passwords
immediately. Which of the following policies should be enforced to initiate a password change?

A.
Password expiration

B.
Password reuse

C.
Password recovery

D.
Password disablement

Explanation:
The Maximum password age policy setting determines the number of days that a password can be used
before the system requires the user to change it. The password expiration setting determines that a user
will not be able to log into a system without changing their password after the maximum password age
has been reached.
Incorrect Answers:
B: Password reuse policies (also known as password history) determine the number of previous
passwords that cannot be used when a user changes his password. For example, a password history value
of 5 would disallow a user from changing his password to any of his previous 5 passwords. This does not
force a user to change their password. Therefore, this answer is incorrect.
C: Password recovery is the process of recovering a lost or forgotten password. This usually involves an
administrator resetting the password as most passwords are stored as hash values so the actual password
cannot be determined. This does not force a user to change their password. Therefore, this answer is
incorrect.
D: Password disablement (also known as account disablement) is the process of locking or disabling a user
account. A disabled account cannot be logged into but can be re-enabled when required. When a user
will be gone from a company for a while (maternity leave, for example), their account should be disabled
until they return. This does not force a user to change their password. Therefore, this answer is incorrect.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 140-141.