5.2.4 Ensure Complex Password Must Contain Numeric Character Is Configured

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

Complex passwords contain one character from each of the following classes: English uppercase letters, English lowercase letters, Westernized Arabic numerals, and non-alphanumeric characters.

Ensure that a number or numeric value is part of the password policy on the computer.

Rationale:

The more complex a password, the more resistant it will be against persons seeking unauthorized access to a system.

Impact:

Password policy should be in effect to reduce the risk of exposed services being compromised easily through dictionary attacks or other social engineering attempts.

Solution

Perform the following to enable passwords to require at least 1 numeric characters:
Terminal Method:
Run the following command to set passwords to require at least one number:

$ sudo /usr/bin/pwpolicy -n /Local/Default -setglobalpolicy -setaccountpolicies 'requiresNumeric=<value>=1>'

example:

$ sudo /usr/bin/pwpolicy -n /Local/Default -setglobalpolicy 'requiresNumeric=2'

Profile Method:

Create or edit a configuration profile with the PayloadType of com.apple.mobiledevice.passwordpolicy

Add the key requireAlphanumeric

Set the key to <true/>

Note: This profile sets a requirement of both an alphabetical and a numeric character.

See Also

https://workbench.cisecurity.org/files/4002