Skip to Content

CompTIA Security+ (Plus): Which Password Policy Requirement Most Improves Security?

By: Author Alex Lim

Posted on

Categories Exam

What password policy best improves security: frequent resets, complexity, or length? Learn why long passwords with a mix of characters are most effective for strong authentication—essential for CompTIA Security+ (Plus) SY0-701 exam success.

Table of Contents

Question

A system administrator is configuring a security policy to enforce password complexity. Which requirement would improve security the most?

A. Requiring users to reset passwords every 7 days
B. Allowing users to reuse previous passwords
C. Setting passwords to expire after one year
D. Using long passwords with a mix of characters
E. Using only lowercase letters in passwords

Answer

D. Using long passwords with a mix of characters

Explanation

Complex passwords with length, uppercase/lowercase letters, numbers, and symbols enhance security.

The requirement that most improves password security is using long passwords with a mix of characters.

  • Password Length: Modern security standards, including NIST guidelines, emphasize that password length is the most critical factor for security. Longer passwords are exponentially harder to crack via brute-force attacks than shorter ones, regardless of complexity.
  • Complexity: Including a mix of uppercase and lowercase letters, numbers, and special characters increases password entropy, making them more resistant to guessing and automated attacks. However, complexity should not substitute for length; both together provide the strongest defense.
  • Best Practice: Combining length and complexity—such as passphrases with varied character types—offers the highest level of protection. For example, a 15-character passphrase with mixed characters is far more secure than a short, frequently changed password.
  • Other Requirements: Frequent password resets and allowing password reuse are discouraged by current NIST guidelines, as they may lead to weaker password choices and poor user behavior.

Long, complex passwords significantly enhance security by increasing resistance to brute-force and guessing attacks, aligning with current best practices and NIST recommendations.

CompTIA Security+ (Plus) SY0-701 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the CompTIA Security+ (Plus) SY0-701 exam and earn CompTIA Security+ (Plus) SY0-701 certification.