A system administrator wants to configure a setting that will make offline password cracking more
challenging. Currently the password policy allows upper and lower case characters a minimum
length of 5 and a lockout after 10 invalid attempts. Which of the following has the GREATEST
impact on the time it takes to crack the passwords?
A.
Increase the minimum password length to 8 while keeping the same character set
B.
Implement an additional password history and reuse policy
C.
Allow numbers and special characters in the password while keeping the minimum length at 5
D.
Implement an account lockout policy after three unsuccessful logon attempts
D cannot be correct because the questions asks about offline password cracking.
The best choices are A or C. If my math is correct, the correct answer should be A.
I agree with Dugan.
D cannot be, because of the offline password cracking.
A or C are correct
I would say C because to make a password complex is not only having a minimum password length of 8 but it is also combining numbers, special characters, upper and lower case letters.
Offline attack –> no account lockout, so exclude B and D.
Choice A): 52 to the power 8 = 53,459,728,531,456 possible passwords.
Choice C): (32 + 10 + 26 + 26) to the power 5 = 7,339,040,224 possible passwords.
I would say A is the correct answer.
Who’s to say that every PC on the network via a GP does not have or has set the account lockout policy to 3 attempts?
D: is the answer