1.3 Ensure Password Complexity is set to 3

Information

This setting checks all new passwords to ensure that they meet basic requirements for strong passwords. The value is the required number of character types, which are: upper case alphabetic (A-Z), lower case alphabetic (a-z), digits (0-9), and other (everything else). A value of '1' effectively disables this check. Changes to this setting do not affect existing passwords.

Rationale:

Password complexity recommendations are derived from the USGCB (United States Government Configuration Baseline), Common Weakness Enumeration, and benchmarks published by the CIS (Center for Internet Security). Password complexity adds entropy to a password, in comparison to a simple password of the same length. A complex password is more difficult to attack, either directly against administrative interfaces or cryptographically, against captured password hashes. However, making a password of greater length will generally have a greater impact in this regard, in comparison to making a shorter password more complex.
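
The character-type rule and the length-versus-complexity point above can be checked with a short script. This is an added example, not Check Point's implementation or part of the benchmark; the function names and the alphabet sizes (printable ASCII, with 33 symbol and space characters counted as "other") are assumptions.

```python
import math
import string


def character_types(password):
    """Return the set of character types present, using the four types
    listed in the benchmark text; anything not A-Z, a-z or 0-9 is 'other'."""
    types = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            types.add("upper")
        elif ch in string.ascii_lowercase:
            types.add("lower")
        elif ch in string.digits:
            types.add("digit")
        else:
            types.add("other")
    return types


def meets_complexity(password, required=3):
    """True when the password uses at least `required` character types."""
    return len(character_types(password)) >= required


# Assumed alphabet sizes for a brute-force estimate (printable ASCII only).
ALPHABET = {"upper": 26, "lower": 26, "digit": 10, "other": 33}


def search_space_bits(length, types):
    """log2 of the number of candidate strings of `length` drawn from the
    union of the given character types (uniform random choice assumed)."""
    size = sum(ALPHABET[t] for t in types)
    return length * math.log2(size)


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ("summer2024", "Summer2024", "Summer-2024"):
        print(pw, sorted(character_types(pw)), meets_complexity(pw, 3))
    # Eight characters over three types versus twelve lower-case characters.
    print(round(search_space_bits(8, {"upper", "lower", "digit"}), 1))
    print(round(search_space_bits(12, {"lower"}), 1))
```

Under these assumptions, twelve lower-case characters give a larger search space than eight characters drawn from three or even all four types, which is the length effect the rationale describes.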

Solution

Run the following command to set the password-controls complexity setting.

CLI:

Hostname>set password-controls complexity 3

GUI:

Navigate to User Management > Password Policy > Password Complexity and check the '3 - Require three character types' setting.

Default Value:

2

See Also

https://workbench.cisecurity.org/files/2828

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(a)

Plugin: CheckPoint

Control ID: 45b42834a9419a19800ff5793fd49e8e137e64b0feadbe57ba6356bbc176f74b