iCompaas Support

Profile Applicability:
 • Level 1

Description:
 Configuring limits on the maximum number of sequential characters in passwords prevents users from choosing passwords with easily guessable sequences (e.g., “abcd”, “1234”), thereby strengthening password security.

Rationale:
 Restricting sequential characters reduces the risk of weak passwords vulnerable to pattern-based attacks and improves overall authentication security.

Impact:
 Pros:

• Encourages stronger and less predictable passwords.
  

• Mitigates risks from common sequential patterns.
  

Cons:

• May increase user difficulty in creating passwords.
  

Default Value:
 This setting is not always configured by default and requires explicit configuration.

Pre-requisites:

• Root or sudo privileges to configure PAM modules such as pam_pwquality.
  

Remediation:

Test Plan:

Using Linux command line:

1. Check /etc/security/pwquality.conf for maxsequence parameter which controls max allowed sequential characters:
   

   grep maxsequence /etc/security/pwquality.conf

   
   

2. Verify maxsequence is set appropriately (e.g., 3 or fewer).
   

Implementation Plan:

Using Linux command line:

1. Edit /etc/security/pwquality.conf to set maxsequence, for example:
   

   maxsequence = 3

   
   

2. Save the file and ensure PAM is configured to use pam_pwquality.
   

Backout Plan:

Using Linux command line:

1. Remove or adjust the maxsequence parameter if needed.
   

2. Test password change functionality.
   

References:

• CIS Amazon Linux 2 Benchmark v3.0.0
  

• pwquality.conf Manual
  

• NIST SP 800-63B - Digital Identity Guidelines