NixOS must require the change of at least 50 percent of the total number of characters when passwords are changed.

An XCCDF Rule

Details
Profiles

Description

Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.

ID: SV-268129r1039275_rule
Version: ANIX-00-000760
Severity: Medium
References: CCI-004066
Updated: about 2 months ago

Remediation Templates

Configure NixOS to enforce password complexity. 

Add/modify /etc/nixos/configuration.nix to include the following lines:

environment.etc."/security/pwquality.conf".text = ''
difok=8'';

Rebuild the system with the following command:

$ sudo nixos-rebuild switch

NixOS must require the change of at least 50 percent of the total number of characters when passwords are changed.

Description

Remediation Templates

A Manual Procedure