
CAS-004 Exam - Question 446


The results of an internal audit indicate several employees reused passwords that were previously included in a published list of compromised passwords.

The company has the following employee password policy:

Which of the following should be implemented to best address the password reuse issue? (Choose two.)

Correct Answer: ABC

To best address the password reuse issue, two measures can be taken. First, increasing the minimum password age to two days ensures that employees cannot change their password multiple times within a short period to get back to an old password. This enforces a gap between password changes, making it harder to cycle rapidly through passwords. Second, increasing the password history to 20 requires employees to use a broader set of passwords before they can reuse any previous one. Together, these measures strengthen the password policy and mitigate the reuse of compromised passwords.
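The interaction between password history and minimum age described in the explanation above, as an added example that is not part of the original page: a toy account model measures how many changes and how much time pass before the original password is accepted again. The names `PasswordAccount` and `time_to_reuse`, the sample passwords and the start date are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import deque
from datetime import datetime, timedelta


class PasswordAccount:
    """Toy account (hypothetical) enforcing password history and minimum age."""

    def __init__(self, password, now, history, min_age):
        self.min_age = min_age
        self.salt = os.urandom(16)
        # Remember the last `history` passwords, current one included.
        self.remembered = deque([self._digest(password)], maxlen=history)
        self.last_change = now

    def _digest(self, password):
        # Iteration count kept low so the demo runs quickly.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 10_000)

    def change(self, new_password, now):
        if now - self.last_change < self.min_age:
            return "too-soon"
        digest = self._digest(new_password)
        if any(hmac.compare_digest(digest, old) for old in self.remembered):
            return "in-history"
        self.remembered.append(digest)  # oldest entry falls out when full
        self.last_change = now
        return "ok"


def time_to_reuse(history, min_age):
    """Return (changes, elapsed) until the original password is accepted again."""
    start = now = datetime(2024, 1, 1)  # constructed start date
    acct = PasswordAccount("Original#1", now, history, min_age)
    changes = 0
    while True:
        now += min_age  # user waits exactly the minimum age, no longer
        changes += 1
        if acct.change("Original#1", now) == "ok":
            return changes, now - start
        # Original still remembered: burn one history slot with a throwaway.
        if acct.change(f"Throwaway#{changes}", now) != "ok":
            raise RuntimeError("unexpected rejection of throwaway password")


if __name__ == "__main__":
    for history, min_age in [(12, timedelta(0)), (20, timedelta(days=2))]:
        changes, elapsed = time_to_reuse(history, min_age)
        print(f"history={history} min_age={min_age}: {changes} changes, {elapsed}")
```

With a minimum age of zero the elapsed time is zero regardless of history length, so the history setting alone is not an effective control.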

Discussion

5 comments
isaphiltrick Options: AB
Jul 6, 2024

By increasing the minimum password age to two days (option A), employees are compelled to retain passwords longer before changing them, which discourages rapid cycling and potential reuse. Simultaneously, increasing the password history to 20 (option B) ensures that employees must use a broader set of passwords before reusing any, thereby reducing the risk associated with compromised passwords. These measures together strengthen the organization's password security posture and mitigate the identified password reuse issue effectively.

EAlonso Option: A
Jul 16, 2024

https://security.stackexchange.com/questions/78758/what-is-the-purpose-of-the-password-minimum-age-setting

Vulnerability: For example, if you configure the Enforce password history policy setting to ensure that users cannot reuse any of their last 12 passwords, but you do not configure the Minimum password age policy setting to a number that is greater than 0, users could change their password 13 times in a few minutes and reuse their original password. You must configure this policy setting to a number that is greater than 0 for the Enforce password history policy setting to be effective.

Countermeasure: Configure the Minimum password age policy setting to a value of at least 2 days.

EAlonso Options: AB
Jul 16, 2024

Forget B.

23169fd Options: AB
Jul 16, 2024

A. Increase the minimum age to two days: Increasing the minimum age of passwords ensures that users cannot rapidly change their password multiple times to cycle back to their original password. By setting a minimum age, you enforce a delay between password changes, which helps prevent users from bypassing the password history policy.

B. Increase the history to 20: Increasing the password history requirement means that users cannot reuse any of their last 20 passwords. This significantly reduces the likelihood of password reuse because users must remember or generate many more unique passwords before they can reuse an old one.

esojzuir Options: AB
Jul 20, 2024

AB make sense: first, 2 days between password changes and 20 passwords remembered takes over 40 days to get to a point where you are using your original password. Nobody will keep changing passwords every day for a month and a half.