2.9 Set 'Minimum password length' to '4' or greater

Information

You can configure this setting to specify a minimum password length for device passwords. Long passwords can provide increased security. However, long passwords can decrease device usability.

Rationale:

Types of password attacks include dictionary attacks that use common words and phrases, and brute force attacks that use character combinations. Attackers also sometimes try to obtain an account database so they can use tools to discover accounts and passwords.

Solution

To implement the recommended state, execute the following PowerShell cmdlet:

Set-MobileDeviceMailboxPolicy default -MinPasswordLength 4

See Also

https://workbench.cisecurity.org/files/1514

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(a)

Plugin: Windows

Control ID: c1701012d7ddddb073f40d4de9f8e2328cd207589630544f6c0fba432fc4811d