An internal auditing team would like to strengthen the password policy to support special characters.
Which of the following types of password controls would achieve this goal?

A.
Add reverse encryption

B.
Password complexity

C.
Increase password length

D.
Allow single sign on

Explanation:
Generally, the minimum password length is considered to be 8 upper and lowercase characters. The use
of at least one non-alpha character like punctuation, special characters, or numbers, combined with the
password length produces strong passwords. Strong passwords are produced by the combination of a
password’s length and complexity.Incorrect Answers:
A: Typical protocol components, like encryption and hash functions, can be reverse-engineered
automatically by tracing the execution of protocol implementations and trying to identify buffers in
memory holding unencrypted packets. It will not strengthen the password policy to support special
characters.
C: Increasing the password length will not necessarily support special characters.
D: Single sign-on means that once a user (or other subject) is authenticated into a realm, they need not
re-authenticate to access resources on any realm entity. It will not strengthen the password policy to
support special characters.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 284, 292, 293
http://en.wikipedia.org/wiki/Reverse_engineering