Evaggelia's organization is updating its password policy and wants to use the strongest possible passwords. What password requirement will have the highest impact in preventing brute-force attacks?
Answer Options
Change the maximum age from 1 year to 180 days.
Increase the minimum password length from 8 characters to 16 characters.
Increase the password complexity so that at least three character classes (such as uppercase, lowercase, numbers, and symbols) are required.
Retain a password history of at least four passwords to prevent reuse.
Correct Answer: B
Explanation
Password complexity is driven by length, and a longer password will be more effective against brute-force attacks than a shorter password. Each character of additional length increases the difficulty by the size of the potential character set (for example, a single lowercase character makes the passwords 26 times more difficult to crack). While each of the other settings is useful for a strong password policy, they won't have the same impact on brute-force attacks.