Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters
An XCCDF Rule
Description
The pam_pwquality module's lcredit
parameter controls requirements for
usage of lowercase letters in a password. When set to a negative number, any password will be required to
contain that many lowercase characters. When set to a positive number, pam_pwquality will grant +1 additional
length credit for each lowercase character. Modify the lcredit
setting in
/etc/security/pwquality.conf
to require the use of a lowercase character in passwords.
Rationale
Use of a complex password helps to increase the time and resources required
to compromise the password. Password complexity, or strength, is a measure of
the effectiveness of a password in resisting attempts at guessing and brute-force
attacks.
Password complexity is one factor of several that determines how long it takes
to crack a password. The more complex the password, the greater the number of
possble combinations that need to be tested before the password is compromised.
Requiring a minimum number of lowercase characters makes password guessing attacks
more difficult by ensuring a larger search space.
- ID
- xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit
- Severity
- Medium
- References
- Updated