The incident response team found recently that one of the system passwords has been compromised and an unexpected login activity for one of the programs was detected. It was then discovered that users who were on vacation tried logging into their accounts. According to company rules, users must create passwords that contain an uppercase letter, a lowercase letter, a number, and a special symbol. This policy is enforced using technical controls, which also prevents users from using any of their previous eight passwords. The quantization does not employ single sign$-$on or password centralised storage.

SELECT THE CORRECT ANSWER

Some users are meeting password complexity requirements but not password length requirements

The password history enforcement is insufficient and old passwords are still valid across many different systems

Some users are reusing passwords and some of the compromised passwords are valid on multiple systems

The compromised password file has been brute$-$force hacked, and the complexity requirements are not adequate to mitigate this risk