Profile Applicability:
 • Level 1

Description:
 Limiting the number of consecutive identical characters allowed in a password prevents users from choosing passwords built on easily guessable patterns such as repeated characters, which strengthens password security.

Rationale:
 Restricting consecutive identical characters reduces the risk of weak passwords and enhances protection against guessing and brute-force attacks.

Impact:
 Pros:

  • Encourages stronger password choices.

  • Mitigates simple password patterns that are vulnerable to attacks.

 Cons:

  • May add complexity for users creating passwords.

Default Value:
 This setting is not always configured by default and must be explicitly enabled.

Pre-requisites:

  • Root or sudo privileges to configure PAM modules such as pam_pwquality.

Remediation:

Test Plan:

Using Linux command line:

  1. Check /etc/security/pwquality.conf for the maxrepeat parameter, which controls the maximum number of consecutive identical characters allowed:
    grep maxrepeat /etc/security/pwquality.conf
  2. Verify maxrepeat is set appropriately (e.g., 3 or fewer).
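
The grep in step 1 also matches a commented-out line such as `# maxrepeat = 0`, and a maxrepeat value of 0 disables the check rather than tightening it. The following is an added example, not part of the benchmark text, that audits only active assignments; the function name audit_maxrepeat, the default limit of 3 and the sample files are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the benchmark): audit maxrepeat in a pwquality.conf-style file.
# audit_maxrepeat FILE [LIMIT] -> prints a verdict; returns 0 only when compliant.
# LIMIT defaults to 3, the example value used in this recommendation.
audit_maxrepeat() {
    file=$1
    limit=${2:-3}
    [ -r "$file" ] || { echo "FAIL: cannot read $file"; return 2; }
    # Active assignments only: a line that starts with '#' never matches.
    values=$(sed -n 's/^[[:space:]]*maxrepeat[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' "$file")
    if [ -z "$values" ]; then
        echo "FAIL: maxrepeat is absent or only commented out"
        return 1
    fi
    # Conservative: every active assignment must be in range.
    for v in $values; do
        case $v in
            *[!0-9]*) echo "FAIL: maxrepeat value '$v' is not a number"; return 1 ;;
        esac
        if [ "$v" -eq 0 ]; then
            echo "FAIL: maxrepeat = 0 disables the check"; return 1
        elif [ "$v" -gt "$limit" ]; then
            echo "FAIL: maxrepeat = $v exceeds $limit"; return 1
        fi
    done
    echo "PASS: maxrepeat = $v"
    return 0
}

# Constructed sample files (not real system configuration).
samples=$(mktemp -d)
printf '# maxrepeat = 0\nminlen = 14\n' > "$samples/commented.conf"
printf 'maxrepeat = 0\n'                 > "$samples/disabled.conf"
printf 'minlen = 14\nmaxrepeat = 5\n'    > "$samples/too_high.conf"
printf 'minlen = 14\nmaxrepeat = 3\n'    > "$samples/ok.conf"

for f in commented disabled too_high ok; do
    printf '%-10s ' "$f"
    audit_maxrepeat "$samples/$f.conf" || true
done
```

On a live system, run `audit_maxrepeat /etc/security/pwquality.conf` in place of the sample loop.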

Implementation Plan:

Using Linux command line:

  1. Edit /etc/security/pwquality.conf to set maxrepeat, for example:
    maxrepeat = 3

  2. Save the file and ensure that PAM uses pam_pwquality.

Backout Plan:

Using Linux command line:

  1. Remove or adjust the maxrepeat parameter if needed.

  2. Test password change functionality.
