Which of the following application software features is the least effective control to protect passwords?
Automatic logoff of inactive users after a specified time period of inactivity is the least effective control to protect passwords. This feature primarily enhances security by preventing unauthorized access to an unattended session, but it does not directly protect the passwords themselves. The other options directly impact password security by either preventing brute force attacks, ensuring passwords are not stored or transmitted in plaintext, or regularly forcing updates to limit the time a compromised password can be used.
I think B is correct regarding GTAG of auditing identity and access management.
The answer doesn't make sense. How is the forced changing of passwords a weak control?
It does not protect from stealing a password, but only from using a stolen one.
"D. Automatic logoff" also doesn't protect from stealing passwords, either. Is there any other reasonable explanation to choose C as an answer?
The correct answer is B. Encryption of passwords prior to their transmission or storage. This option is the least effective control to protect passwords. While encryption is important for securing passwords, it only protects against unauthorized access to the stored or transmitted password. Other options provide additional layers of protection, such as suspending user IDs after repeated invalid password attempts, forcing password changes, and automatic logoff of inactive users.
D is the correct answer, it does not protect the password.
The correct answer is B, according to GTAG.
I think D should be the answer.