Which of the following would be MOST effective in successfully implementing restrictive password policies?
A . Regular password audits
B . Single sign-on system
C . Security awareness program
D . Penalties for noncompliance
Answer: C
Explanation:
To be successful in implementing restrictive password policies, it is necessary to obtain the buy-in of the end users. The best way to accomplish this is through a security awareness program. Regular password audits and penalties for noncompliance would not be as effective on their own; people would go around them unless forced by the system. Single sign-on is a technology solution that would enforce password complexity but would not promote user compliance. For the effort to be more effective, user buy-in is important.