You are the network administrator for a small bank in Dallas, Texas. To ensure network security, you enact a security policy that requires all users to have 14 character passwords. After giving your users 2 weeks notice, you change the Group Policy to force 14 character passwords. A week later you dump the SAM database from the standalone server and run a password-cracking tool against it. Over 99% of the passwords are broken within an hour. Why were these passwords cracked so quickly?
A.
Networks using Active Directory never use SAM databases so the SAM database pulled was empty
B.
Passwords of 14 characters or less are broken up into two 7-character hashes
C.
The passwords that were cracked are local accounts on the Domain Controller
D.
A password Group Policy change takes at least 3 weeks to completely replicate throughout a network