Which of the following best explains why password complexity requirements (such as including uppercase letters, numbers, and symbols) are important in password policies?
Think about how attackers try to break passwords.
Password complexity makes it harder for attackers to guess or crack passwords by increasing the number of possible combinations.
According to modern password best practices, what is the recommended minimum length for a secure password?
Longer passwords are generally more secure.
Current guidelines recommend passwords be at least 12 characters long to resist brute-force attacks effectively.
Which password policy best helps reduce the risk of users reusing the same password across multiple websites?
Think about how to stop users from using old passwords again.
Password history policies prevent users from reusing recent passwords, encouraging unique passwords for each account.
What is a common negative effect of requiring users to change their passwords very frequently (e.g., every 30 days)?
Consider user behavior when forced to change passwords often.
Frequent password changes can lead users to choose weaker passwords or write them down, which can reduce overall security.
Why is multi-factor authentication (MFA) recommended as a best practice in addition to strong passwords?
Think about what happens if a password is stolen.
MFA requires an additional verification step beyond the password, so even if a password is stolen, attackers cannot access the account without the second factor.