Profile Applicability:
 • Level 1

Description:
 Configuring limits on the maximum number of sequential characters in passwords prevents users from choosing passwords with easily guessable sequences (e.g., “abcd”, “1234”), thereby strengthening password security.

Rationale:
 Restricting sequential characters reduces the risk of weak passwords vulnerable to pattern-based attacks and improves overall authentication security.

Impact:
 Pros:

  • Encourages stronger and less predictable passwords.

  • Mitigates risks from common sequential patterns.

 Cons:

  • May increase user difficulty in creating passwords.

Default Value:
 This setting is not always configured by default and requires explicit configuration.

Pre-requisites:

  • Root or sudo privileges to configure PAM modules such as pam_pwquality.

Remediation:

Test Plan:

Using Linux command line:

  1. Check /etc/security/pwquality.conf for the maxsequence parameter, which controls the maximum allowed number of sequential characters:
    grep maxsequence /etc/security/pwquality.conf


  2. Verify maxsequence is set appropriately (e.g., 3 or fewer).

Implementation Plan:

Using Linux command line:

  1. Edit /etc/security/pwquality.conf to set maxsequence, for example:
    maxsequence = 3


  2. Save the file and ensure PAM is configured to use pam_pwquality.
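An added example (not part of the original benchmark text) that automates the Test Plan check and the PAM condition in step 2 above. It ignores commented-out lines, treats an unset value or 0 as non-compliant (libpwquality disables the check at 0), and looks for pam_pwquality.so in a password stack. The function names and the PAM file paths are assumptions; adjust them for your distribution.

```shell
#!/bin/sh
# Added example: audit maxsequence and pam_pwquality usage.

# Print the last uncommented "maxsequence = N" value in the given files
# (a later assignment overrides an earlier one); print nothing if unset.
# Lines with anything after the number are ignored, so the audit fails closed.
effective_maxsequence() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        sed -n 's/^[[:space:]]*maxsequence[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$f"
    done | tail -n 1
}

# Usage: maxsequence_compliant LIMIT FILE...
# Succeeds only when 1 <= value <= LIMIT. A value of 0 disables the check
# in libpwquality, so it is reported as non-compliant.
maxsequence_compliant() {
    limit=$1; shift
    val=$(effective_maxsequence "$@")
    [ -n "$val" ] && [ "$val" -ge 1 ] && [ "$val" -le "$limit" ]
}

# Succeeds when any given PAM file has an uncommented password-stack line
# that loads pam_pwquality.so.
pam_uses_pwquality() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        grep -Eq '^[[:space:]]*password[[:space:]].*pam_pwquality\.so' "$f" && return 0
    done
    return 1
}

# Stand-alone run. CONF is the file named on this page; the PAM paths are
# assumed common locations (Debian-style and RHEL-style), not from the page.
CONF=/etc/security/pwquality.conf
if maxsequence_compliant 3 "$CONF"; then
    echo "PASS: maxsequence = $(effective_maxsequence "$CONF")"
else
    echo "FAIL: maxsequence is unset, 0, or greater than 3 in $CONF"
fi
if pam_uses_pwquality /etc/pam.d/common-password /etc/pam.d/system-auth /etc/pam.d/password-auth; then
    echo "PASS: pam_pwquality.so is in a password stack"
else
    echo "FAIL: pam_pwquality.so not found in a password stack"
fi
```
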

Backout Plan:

Using Linux command line:

  1. Remove or adjust the maxsequence parameter if needed.

  2. Test password change functionality.
