Sign-on procedures include the creation of a unique user ID and password. However, an IS auditor discovers that in many cases the username and password are the same. The BEST control to mitigate this risk is to: 
A、change the company's security policy. 
B、educate users about the risk of weak passwords. 
C、build in validations to prevent this during user creation and password change. 
D、require a periodic review of matching user ID and passwords for detection and correction.