GEN000580 - The system must require passwords contain a minimum of 15 characters.

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version

Information

The use of longer passwords reduces the ability of attackers to successfully obtain valid passwords using guessing or exhaustive search techniques by increasing the password search space.

Solution

Edit /etc/default/passwd and set the PASSLENGTH variable to 15 or greater.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_SOL_10_x86_V2R2_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CAT|II, CCI|CCI-000205, Rule-ID|SV-227583r603266_rule, STIG-ID|GEN000580, STIG-Legacy|SV-27110, STIG-Legacy|V-11947, Vuln-ID|V-227583

Plugin: Unix

Control ID: 843c5cbdf3276501ada3b5d22b204e8effda25f50f743cc5843c24e4082df80f