5.2.5 Complex passwords must contain a Special Character

Information

Complex passwords contain one character from each of the following classes: English uppercase letters, English lowercase letters, Westernized Arabic numerals, and non-alphanumeric characters. Ensure that a special character is part of the password policy on the computer

Rationale:

The more complex a password the more resistant it will be against persons seeking unauthorized access to a system.

Impact:

Password policy should be in effect to reduce the risk of exposed services being compromised easily through dictionary attacks or other social engineering attempts.

Solution

Run the following command to set passwords to require at least one special character:

$ sudo pwpolicy -a <administratoraccount> -setaccountpolicies 'requiresSymbol=<value>=1>'

example:

$ sudo pwpolicy -a test -setglobalpolicy 'requiresSymbol=1'

See Also

https://workbench.cisecurity.org/files/3092