Information
The enforcement of password complexity is managed through the Security.PasswordQualityControl parameter, allowing configuration of password length, character set requirements, and failed logon attempt restrictions. The recommended setting is "retry=3 min=disabled,15,15,15,15 max=64 similar=deny passphrase=3".
Abiding by NIST 800-63B Section 5.1.1.2 guidelines, not enforcing traditional composition rules facilitates the adoption of longer, more secure passphrases, enhancing overall security.
Solution
To set the password complexity requirements, perform the following PowerCLI command:
Get-VMHOST | Get-AdvancedSetting -Name "Security.PasswordQualityControl" | Set-AdvancedSetting -Value "retry=3 min=disabled,disabled,disabled,disabled,14"
The above requires all passwords to be 14 or more characters long and comprised of at least one character from four distinct character sets.
Impact:
Altering password complexity via Security.PasswordQualityControl may cause installation issues with other products and services within the VMware ecosystem not expecting such changes.