Problem: The chief executive officer (CEO) of XYZ Organization wants to change the way the organization develops passwords on its systems. Currently, users create passwords of their own choosing and determine when those passwords would expire. The CEO notes that this is a huge risk when it comes to the vulnerability to their organization assets. What mitigation practices would you recommend to the CEO on how to strengthen the security of passwords?