What immediate measure should a software company consider to combat ongoing brute force attacks on its customer portal?

• A. Improve customer password complexity
• B. Implement CAPTCHA for the login process
• C. Increase the number of admin accounts
• D. Utilize biometric login features

Answer: (B)

Implementing CAPTCHA for the login process is an effective immediate measure to combat ongoing brute force attacks on a customer portal. CAPTCHA adds an extra layer of security by requiring users to complete tasks that are easy for humans but difficult for automated scripts, thereby preventing automated tools from continuously attempting to guess passwords. This deters attackers from executing their brute force strategies because the CAPTCHA system forces an interaction that slows down or halts their attack efforts.

The focus of this approach is on mitigating the specific method being used in the attack—automated login attempts—by introducing a challenge that requires user intervention, greatly reducing the effectiveness of such brute force attempts. Unlike simply increasing password complexity, which may not immediately impact an ongoing attack, or biometric features that may require more extensive implementation time, CAPTCHA can be integrated into the login process swiftly and effectively.