Multiple business accounts were compromised a few days after a public website had its credentials database leaked on the Internet. No business emails were ident...

Multiple business accounts were compromised a few days after a public website had its credentials database leaked on the Internet. No business emails were identified in the breach, but the security team thinks that the list of passwords exposed was later used to compromise business accounts. Which of the following would mitigate the issue?

A. Complexity requirements B. Password history C. Acceptable use policy D. Shared accounts