Which of the following policies would be BEST to deter a brute-force login attack?
A.
Password complexity B.
Password reuse C.
Account age threshold D.
Account lockout threshold.
A.
Reference: https://sucuri.net/guides/what-is-brute-force-attack/
Which of the following policies would be BEST to deter a brute-force login attack?
A.
Password complexity
B.
Password reuse
C.
Account age threshold
D.
Account lockout threshold.
A.
https://sucuri.net/guides/what-is-brute-force-attack/A brute-force attack is a type of cyberattack in which an attacker attempts to guess a user's login credentials by trying different combinations of usernames and passwords until the correct one is found. The goal of the attack is to gain unauthorized access to a system or network.
To deter a brute-force login attack, the best policy would be account lockout threshold (Option D). This policy works by setting a limit on the number of failed login attempts allowed before the account is locked out. Once the account is locked out, the user will not be able to login until the lockout period has expired or an administrator unlocks the account.
By setting a low account lockout threshold, such as three attempts, the attacker will have very few chances to guess the correct password before being locked out of the account. This can deter the attacker from continuing with the attack, as they will not have the time or resources to guess all possible combinations of passwords.
Password complexity (Option A) and password reuse (Option B) are important policies for password security, but they do not directly address the issue of brute-force attacks. Password complexity requires users to create complex passwords that are difficult to guess or crack, while password reuse prevents users from using the same password across multiple accounts. These policies can make it more difficult for an attacker to guess a user's password, but they do not prevent an attacker from attempting to guess the password through brute force.
Account age threshold (Option C) is a policy that sets a limit on how long a user can keep an account active before it must be changed or deleted. This policy can help to prevent unauthorized access to an account that has been inactive for a long time, but it does not directly address the issue of brute-force attacks.
In conclusion, the best policy to deter a brute-force login attack is account lockout threshold (Option D). By setting a low limit on the number of failed login attempts allowed, the attacker will have very few chances to guess the correct password before being locked out of the account, which can deter them from continuing with the attack.