In Security challenge 2, option F is recommended, but I think that’s a mistake.

In Security challenge 2, option F is recommended. However, that option says "force non-compliance users to change their passwords". How are you going to do that? There’s no way to identify the non-compliant passwords. Changing the policy doesn’t force non-compliant passwords to be changed. Instead, all it does is require that, whenever the user would normally change their password, the new password has to meet the new requirements. Therefore, your only option is to expire ALL the users’ passwords, not just the non-compliant passwords. Therefore, if we take this literally as written, we can’t recommend this option. It contains a fallacy. Right?

1 Answer

Hi Jay, I understand your point in a technical manner, but I think in the grammatical sense, the word "force" here would leave the door open to many possible ways of achieving the desired result. Therefore, while not a complete solution to the theoretical company's problem, I think option F would still be valid.

