A business unit uses an e-commerce application with a strong password policy.
Many customers complain that they cannot remember their passwords because they are too long and complex.
The business unit states it is imperative to improve the customer experience.
The information security manager should FIRST:
The correct answer is C. research alternative secure methods of identity verification.
Explanation: The situation presented in the question involves balancing two objectives: maintaining strong password policies to ensure security, and improving the customer experience.

Changing the password policy to make it less complex may compromise the security of the application, and it may not necessarily improve the customer experience. Therefore, this option should not be considered as the first step.
Implementing two-factor authentication is a good security measure but may not address the issue of customers not being able to remember their passwords. Two-factor authentication may require customers to remember even more information or have an additional device with them at all times, which may not necessarily improve the customer experience.
Evaluating the impact of the customer's experience on business revenue is important, but it should not be the first step. The business unit already states that it is imperative to improve the customer experience. Therefore, researching alternative secure methods of identity verification should be the first step.
Researching alternative secure methods of identity verification can help identify other ways of verifying a customer's identity without compromising security. For example, biometric authentication such as fingerprint or facial recognition, or SMS-based authentication, can be used as an alternative to passwords. By researching these alternatives, the information security manager can find a solution that balances both security and customer experience.
In conclusion, the information security manager should first research alternative secure methods of identity verification to find a solution that improves the customer experience while maintaining strong security measures.