1.3.2 Ensure 'Minimum Length' is greater than or equal to 12


This determines the least number of characters that make up a password for a user account.


A longer password is much more difficult to attack, either directly against administrative interfaces or cryptographically, against captured password hashes. Making a password of greater length will generally have a greater impact in this regard, in comparison to making a shorter password more complex. Passphrases are a commonly used recommendation, to make longer passwords more palatable to end users. Administrative staff however generally use 'password safe' applications, so a long and complex password is more easily implemented for most infrastructure administrative interfaces.


Longer passwords are much more difficult to attack. This is true of attacks against the administrative interfaces themselves, or of decryption attacks against captured hashes. A longer password will almost always have a more positive impact than a shorter but more complex password.


Navigate to Device > Setup > Management > Minimum Password Complexity.
Set Minimum Length to greater than or equal to 12

Default Value:

Not enabled.

See Also


Item Details


References: 800-53|IA-5(1), CSCv7|4.2

Plugin: Palo_Alto

Control ID: fe3813779be2476233ec02afd0a849b15a425ebbc73bec01fc44aea723d13034