Which option would NOT be a valid way to implement user step-up authentication in Okta?

The option that would not be a valid way to implement user step-up authentication in Okta is relying solely on password strength. Step-up authentication is a process that requires additional verification to ensure a user's identity, especially when they are trying to access sensitive data or applications.

Modifying global session policies allows administrators to enforce different authentication methods based on the context of the user session, enabling step-up authentication in certain scenarios. Implementing multi-factor authentication (MFA) on sensitive applications is a direct approach to adding an extra layer of security when accessing crucial data or resources. Using behavioral indicators for authentication also enhances security by adapting the authentication method based on user behavior, such as their typical login locations or patterns.

On the other hand, relying exclusively on the strength of passwords does not constitute step-up authentication. While strong passwords are important, they do not provide an additional layer of verification when accessing secure resources. Therefore, this approach would not meet the requirements for effectively implementing step-up authentication in Okta.