iCompaas Support

Profile Applicability:
 • Level 1

Description:
 Configuring a minimum password length enforces users to create passwords of sufficient complexity, improving resistance to brute-force and guessing attacks.

Rationale:
 Longer passwords increase the key space, making passwords harder to crack and enhancing overall system security.

Impact:
 Pros:

• Strengthens password security by enforcing length requirements.
  

• Helps meet compliance and security best practices.
  

Cons:

• May cause usability issues if minimum length is set too high.
  

Default Value:
 Defaults vary; some systems may not enforce a minimum password length.

Pre-requisites:

• Root or sudo privileges to configure PAM modules such as pam_pwquality.
  

Remediation:

Test Plan:

Using Linux command line:

1. Check /etc/security/pwquality.conf for minlen parameter:

grep minlen /etc/security/pwquality.conf

2. Verify the minimum length value is configured.

Implementation Plan:

Using Linux command line:

1. Edit /etc/security/pwquality.conf to set the minimum length, for example:
   

   minlen = 12

   
   

2. Save the file.
   

3. Confirm PAM is configured to use pam_pwquality.
   

Backout Plan:

Using Linux command line:

1. Remove or adjust the minlen setting if needed.
   

2. Test password changes to confirm behavior.
   

References:

• CIS Amazon Linux 2 Benchmark v3.0.0
  

• pwquality.conf Manual
  

• NIST SP 800-63B - Digital Identity Guidelines