Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the username and password are the same. The BEST control to mitigate this risk is to:
A、change the company's security policy.
B、educate users about the risk of weak passwords.
C、build in validations to prevent this during user creation and password change.
D、require a periodic review of matching user ID and passwords for detection and correction.