An internal auditor discusses user-defined default passwords with the database administrator. Such passwords will be reset as soon as the user logs in for the first time, but the initial value of the password is set as "123456." Which of the following are the auditor and the database administrator most likely discussing in this situation?
When discussing user-defined default passwords, the primary concern would be security. Specifically, they would be discussing the potential risks during the period between the creation of the account and the initial password change. Setting a default password like '123456' could be a security risk if someone gains access to the account before the user changes it. Hence, the focus would be on what happens in that interim period.
Shouldn't it be B?