How can an administrator limit the use of a stolen password?

Configuring a password expiration period is an effective method for limiting the use of a stolen password. When an administrator sets a password to expire after a certain period, it means that even if a password is stolen, the access granted by that password will only be available for a limited time. This reduces the window of opportunity for unauthorized users to exploit the stolen credential. Once the password expires, users must reset their password, thereby effectively cutting off access gained through any compromised password.

Implementing complex password requirements helps in creating stronger passwords that are harder to guess or crack but does not directly address the problem once a password is stolen. Enabling single sign-on (SSO) simplifies the authentication process for users but does not provide a mechanism to limit the use of an already compromised password. Increasing session timeout limits allows users to remain logged in for extended periods, which could actually increase security risks if a password has been stolen.