Isaac is concerned that the passwords that his users are creating are too short and can be easily brute-forced if their hashes were compromised. Rather than make his users remember longer passwords, he would like to implement a technical solution to help make the hashes more resistant to cracking. What solution can he use to help with this?

Implementing key stretching techniques can help short—and thus weak—passwords resist brute-force hash cracking techniques. They won't help against brute-force password guessing attacks, so Isaac will need to implement other controls against that type of attack. Pass-the-hash attacks reuse hashes, and thus aren't a technique used to prevent brute-force attacks against hashed passwords. Collision resistance is a requirement for an effective hashing algorithm and should be part of any password hash storage implementation. Encrypting passwords is not a recommended practice because it leaves passwords in the hands of the organization rather than hashes and requires the organization to decrypt passwords to check them when they are used, creating frequent opportunities for exposure.