NixOS must prevent the use of dictionary words for passwords.

An XCCDF Rule

Details
Profiles

Description

If the operating system allows the user to select passwords based on dictionary words, then this increases the chances of password compromise by increasing the opportunity for successful guesses and brute-force attacks.

ID: SV-268169r1039395_rule
Version: ANIX-00-001860
Severity: Medium
References: CCI-000366
Updated: about 2 months ago

Remediation Templates

Configure NixOS to check password change attempts against a dictionary.

Add/modify /etc/nixos/configuration.nix to include the following lines:

environment.etc."/security/pwquality.conf".text = ''
dictcheck=1'';

Rebuild the system with the following command:

$ sudo nixos-rebuild switch

NixOS must prevent the use of dictionary words for passwords.

Description

Remediation Templates

A Manual Procedure