Which characteristic is NOT typical of a good password policy?

A good password policy aims to create strong, secure passwords that can resist unauthorized access while balancing user experience. Regular password changes help to minimize the risk of compromised accounts; therefore, it is a common feature in many effective password policies. Restrictions on password reuse also enhance security by preventing users from repeatedly using the same password, which would make accounts vulnerable if that password is ever leaked or compromised.

Inclusion of symbols and numbers in passwords increases their complexity, requiring a mix of different character types that contribute to a stronger defense against brute-force attacks. This characteristic is widely supported as a standard practice in password creation because it enhances security.

In contrast, minimal password complexity is not typical of a good password policy. A policy that allows for simple passwords—like those that do not require a mix of uppercase letters, lowercase letters, numbers, and symbols—poses higher risks. Such passwords are easier to guess or crack, making accounts more susceptible to unauthorized access. Therefore, adopting minimal complexity undermines the core objectives of a strong password policy.