Profile Applicability:
 • Level 1

Description:
 Configuring a minimum password length enforces users to create passwords of sufficient complexity, improving resistance to brute-force and guessing attacks.

Rationale:
 Longer passwords increase the key space, making passwords harder to crack and enhancing overall system security.

Impact:
 Pros:

  • Strengthens password security by enforcing length requirements.

  • Helps meet compliance and security best practices.

Cons:

  • May cause usability issues if minimum length is set too high.

Default Value:
 Defaults vary; some systems may not enforce a minimum password length.

Pre-requisites:

  • Root or sudo privileges to configure PAM modules such as pam_pwquality.

Remediation:

Test Plan:

Using Linux command line:

1. Check /etc/security/pwquality.conf for minlen parameter:

grep minlen /etc/security/pwquality.conf

2. Verify the minimum length value is configured.

Implementation Plan:

Using Linux command line:

  1. Edit /etc/security/pwquality.conf to set the minimum length, for example:
    minlen = 12


  2. Save the file.

  3. Confirm PAM is configured to use pam_pwquality.

Backout Plan:

Using Linux command line:

  1. Remove or adjust the minlen setting if needed.

  2. Test password changes to confirm behavior.

References: