An organization decides to secure passwords, which is the easiest entry point for cyber-attacks and enforces a password policy. Which of the following controls is taken by the organization?
1) Implementing two-factor authentication
2) Using strong encryption algorithms
3) Enforcing regular password changes
4) Implementing a password complexity policy