Which of the following policies would be BEST to deter a brute-force login attack?

A. Password complexity
B. Password reuse
C. Account age threshold
D. Account lockout threshold