Which of the following would be MOST effective in successfully implementing restrictive password policies? 

Answer options:

A. Regular password audits
B. Single sign-on system
C. Security awareness program
D. Penalties for noncompliance

C

To be successful in implementing restrictive password policies, it is necessary to obtain the buy-in of the end users. The best way to accomplish this is through a security awareness program. Regular password audits and penalties for noncompliance would not be as effective on their own; people would go around them unless forced by the system. Single sign-on is a technology solution that would enforce password complexity but would not promote user compliance. For the effort to be more effective, user buy-in is important.