That's helpful. That's something an organization can do. I guess what I'm trying to figure out is this. When we're looking at what recommendations we can make, how can we build our role from that?
I note that one issue that came up with one of the witnesses was passwords. We already have a prompt now when you enter a password. It tells you that you need a certain number of characters, capitals, and different numbers, whatever. What it never prompts you for is whether or not you have ever used the same password before. Apparently, a big weakness is that people use the same password over and over again. That's fairly usual. Just having a pop-up box to ask whether you've used a password before would seem simple, but it would mean that the password you were about to use was not a strong one even if it met the other markers. When we're looking at the financial industry, people signing up for online banking and these types of things, are there things that we can try to put out as recommended standards?