Information
Complex passwords contain one character from each of the following classes: English uppercase letters, English lowercase letters, Westernized Arabic numerals, and non-alphanumeric characters.
Ensure that an Alphabetic character is part of the password policy on the computer.
The more complex a password, the more resistant it will be against persons seeking unauthorized access to a system.
Solution
Terminal Method:
Run the following command to set that passwords must contain at least one letter:
$ /usr/bin/sudo /usr/bin/pwpolicy -n /Local/Default -setglobalpolicy -setaccountpolicies "requiresAlpha=<value>=1>"
example
:
$ /usr/bin/sudo /usr/bin/pwpolicy -n /Local/Default -setglobalpolicy "requiresAlpha=1"
Profile Method:
Create or edit a configuration profile with the following information:
- The PayloadType string is com.apple.mobiledevice.passwordpolicy
- The key to include is requireAlphanumeric
- The key must be set to <true/>
Note: This profile sets a requirement of both an alphabetical and a numeric character.
Note: The profile method is the preferred method for setting password policy since -setglobalpolicy in pwpolicy is deprecated and will likely be removed in a future macOS release.
Impact:
Password policy should be in effect to reduce the risk of exposed services being compromised easily through dictionary attacks or other social engineering attempts.