Any password used must not be word found in a dictionary.-a brute force password attack involves trying many possible password values, to see if any result in access to an account. in order to help prevent dictionary-based attacks, in which the list of password values to try comes from a dictionary, it is useful to have a policy that any password used must not be a word found in a dictionary.password reuse is not allowed (i.e., rotating passwords), is a good policy, but not the one most closely related to helping prevent brute force password attacks. password history must be used to prevent users from reusing passwords. for example, on many systems with such a facility the last 12 passwords used will be kept in the history. but as with policies against password re-use, password history is not as relevant to preventing brute force password attacks as is the policy against dictionary words.