Not a Preventive Login Control

A.

The last login message displays the last login date and time, allowing a user to discover if their account was used by someone else.

Hence, this is rather a detective control.

Source: RUSSEL, Deborah & GANGEMI, G.T.

Sr., Computer Security Basics, O'Reilly, July 1992 (page 63).

The term "login control" refers to the security measures put in place to protect a computer system from unauthorized access. Preventive login controls are measures that are designed to prevent unauthorized access before it happens. Out of the options given, the one that is not a preventive login control is:

A. Last login message: A last login message is an informational message that is displayed to users when they log in to a system. It informs them of the date and time of their last successful login. This is not a preventive control because it does not actively prevent unauthorized access. However, it can help users identify any unauthorized access that may have occurred since their last login.

B. Password aging: Password aging is a preventive control that requires users to change their password after a specified period of time. This helps prevent unauthorized access by ensuring that passwords are regularly updated and not easily guessable.

C. Minimum password length: A minimum password length requirement is a preventive control that requires users to create a password that meets a certain minimum length. This helps prevent unauthorized access by ensuring that passwords are not easily guessable or cracked.

D. Account expiration: Account expiration is a preventive control that automatically disables a user's account after a certain period of time. This helps prevent unauthorized access by ensuring that inactive accounts are not left open and vulnerable to attack.

In summary, out of the given options, the last login message is not a preventive login control because it does not actively prevent unauthorized access.