Technical Controls to Prevent Password Policy Violations | SY0-601 Exam | CompTIA Security+

CD.

Two technical controls that can help prevent users from setting weak passwords and reusing old passwords are Password Expiration and Password History.

1. Password Expiration: Password expiration is a security mechanism that forces users to change their passwords after a certain period of time. By setting password expiration policies, users are required to change their passwords regularly, which helps to prevent the use of the same password for an extended period. By enforcing password expiration policies, users are more likely to create strong passwords because they know they will need to change them frequently. This control is effective in preventing users from reusing old passwords.

2. Password History: The password history control ensures that users cannot reuse old passwords. By maintaining a history of previously used passwords, the system can prevent users from selecting a password that they have previously used. This control is effective in preventing users from reusing the same password across different systems and services.

While password complexity, password length, and password lockout are also essential security mechanisms, they may not be as effective in preventing users from setting weak passwords and reusing old passwords. Password complexity and password length help to ensure that users create strong passwords. However, they do not prevent users from reusing old passwords. Password lockout is a mechanism that prevents brute-force attacks on passwords but does not address the issue of weak passwords or password reuse.

In conclusion, implementing both password expiration and password history controls can help prevent policy violations by ensuring that users regularly change their passwords and do not reuse old passwords.