Question

which password policies help mitigate brute force attacks? choose two answers. passwords are longer than 16 characters passwords expire after a set time passwords are complex passwords are stored in secure browsers passwords are changed regularly

Explanation:

To mitigate brute - force attacks, we analyze each option:

• Option 1: Passwords are longer than 16 characters

A brute - force attack tries all possible combinations of characters to guess a password. If a password is longer than 16 characters, the number of possible combinations (based on the number of available characters, e.g., lowercase, uppercase, numbers, special characters) increases exponentially. For example, if we consider a password with only lowercase letters (26 options per character), a 1 - character password has 26 combinations, a 2 - character one has $26^2=676$, and a 17 - character one has $26^{17}$, which is an astronomically large number. This makes it very time - consuming for an attacker to try all combinations, so longer passwords help against brute - force.

• Option 2: Passwords expire after a set time

Password expiration is more related to reducing the window of opportunity if a password is compromised (e.g., through other means like phishing or a data breach). It doesn't directly increase the difficulty of a brute - force attack, as the attacker is still trying to guess the current password within its valid period.

• Option 3: Passwords are complex

A complex password (with a mix of uppercase, lowercase, numbers, and special characters) increases the number of possible characters per position. For example, if a password has 8 characters and uses only lowercase (26 options), there are $26^8$ combinations. If it's complex (e.g., 26 lowercase + 26 uppercase+10 numbers + 10 special characters = 72 options per character), an 8 - character complex password has $72^8$ combinations, which is much larger. This makes brute - force attacks harder as the number of possible combinations to try is vastly increased.

• Option 4: Passwords are stored in secure browsers

Storing passwords in secure browsers is about the security of password storage, not about making it harder for an attacker to guess the password (which is what a brute - force attack does). It doesn't impact the complexity or length of the password that the attacker is trying to guess.

• Option 5: Passwords are changed regularly

Regular password changes are similar to password expiration. They are more for reducing the time a compromised password can be used, rather than directly mitigating the brute - force attack's ability to guess the password. The attacker is still targeting the current password, and regular changes don't make the current password harder to guess via brute - force.

So the two options that help mitigate brute - force attacks are "Passwords are longer than 16 characters" and "Passwords are complex".

Answer:

A. Passwords are longer than 16 characters, C. Passwords are complex