1.3.11 Ensure 'New Password Differs by Characters' is greater than or equal to 3


This checks all new passwords to ensure that they differ by at least three characters from the previous password.
This is one of several settings that, when taken together, ensure that passwords are sufficiently complex as to thwart brute force and dictionary attacks.


Navigate to Device > Setup > Management > Minimum Password Complexity
Set New Password Differs By Characters to 3 or more
Execute the following CLI command:
[email protected]#set mgt-config password-complexity
+ block-repeated-characters Block repeated characters count
+ block-username-inclusion Block inclusion of username and it's reverse
+ enabled Enable minimal password complexity enforcement
+ minimum-length Minimum password length
+ minimum-lowercase-letters Minimum lowercase letters in the password
+ minimum-numeric-letters Minimum numeric(0-9) letters in the password
+ minimum-special-characters Minimum special characters(non-alphanumeric) in the password
+ minimum-uppercase-letters Minimum uppercase letters in the password
+ new-password-differs-by-characters New Password must differ by the count chars
+ password-change-on-first-login Password must change on first time login
+ password-change-period-block Password change block period
+ password-history-count Save password history for password changes
> password-change password-change
<Enter> Finish input
# commit

Default Value:
Not enabled.

See Also


Item Details


References: 800-53|IA-5(1)(b), CSCv6|5

Plugin: Palo_Alto

Control ID: 44ad0405650d2f029e385bb67b825ce25bf5dab837df43b8ecf86c92ca6ef517