What is the primary concern addressed by enforcing user step-up authentication?

Enforcing user step-up authentication primarily addresses the concern of preventing unauthorized access. This approach is intended to provide an additional layer of security by requiring users to verify their identity through extra authentication steps, especially when accessing sensitive resources or performing high-risk actions.

For instance, if a user logs in from an unfamiliar device or location, step-up authentication can prompt for additional credentials, such as a one-time passcode sent to their mobile device. This method diminishes the likelihood of unauthorized individuals gaining access, as even if they have the user's password, they would still need to complete the additional verification steps.

Other options, while relevant to security and operational practices, do not directly relate to the primary objective of step-up authentication. Although enhancing password complexity can contribute to overall security, it is not the specific aim of step-up authentication. Improving compliance with regulations may be a beneficial outcome of implementing stronger authentication measures, but it is not the core issue being addressed. Finally, reducing system overload during peak times is more related to performance management rather than security protocols such as step-up authentication.