Information
Password complexity includes password characteristics such as length, letter case, numeric characters, and character sets.
Rationale:
Complex passwords help mitigate dictionary, brute-force, and other password attacks. This recommendation prevents users from choosing weak passwords that can easily be guessed.
Impact:
Remediation for this recommendation requires a server restart.
Solution
Add to the global configuration:
plugin-load=validate_password.so
validate-password=FORCE_PLUS_PERMANENT
validate_password_length=14
validate_password_check_user_name=ON
validate_password_dictionary_file=<path to dictionary file>
validate_password_policy=STRONG
Optionally set one or more of the following, ensuring the complexity requirements are not overly onerous:
validate_password_mixed_case_count=1
validate_password_number_count=1
validate_password_special_char_count=1
Also change the passwords of any users whose passwords are identical to their username.
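The following check is an added example, not part of the benchmark text: it reads a MySQL option file and reports each setting that deviates from the values above. It assumes the global configuration is the [mysqld] section of a single file; the function names and the sample file are constructed for illustration.

```python
import re

# Expected values from the Solution above; first entry is the form the page uses.
REQUIRED = {
    "validate_password": ("FORCE_PLUS_PERMANENT",),
    "validate_password_check_user_name": ("ON", "1", "TRUE"),
    "validate_password_policy": ("STRONG", "2"),
}
MIN_LENGTH = 14

# Constructed sample option file, not taken from a real server.
SAMPLE = """\
[client]
validate_password_length=14
[mysqld]
plugin-load=validate_password.so
validate-password=FORCE_PLUS_PERMANENT
validate-password-length = 8
validate_password_policy=MEDIUM
"""

def parse_mysqld(text):
    """Return [mysqld] options; '-' and '_' are interchangeable in names."""
    opts, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;!":
            continue  # blank line, comment, or !include directive
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "mysqld":
            name, _, value = line.partition("=")
            opts[name.strip().lower().replace("-", "_")] = value.strip().strip("'\"")
    return opts  # a later occurrence of an option overrides an earlier one

def audit(text):
    """List every deviation from the recommended settings."""
    opts, findings = parse_mysqld(text), []
    loaded = opts.get("plugin_load", "") + opts.get("plugin_load_add", "")
    if "validate_password.so" not in loaded:
        findings.append("validate_password.so is not loaded")
    for name, allowed in REQUIRED.items():
        if opts.get(name, "").upper() not in allowed:
            findings.append(f"{name} should be {allowed[0]}")
    length = opts.get("validate_password_length", "")
    if not length.isdigit() or int(length) < MIN_LENGTH:
        findings.append(f"validate_password_length should be >= {MIN_LENGTH}")
    if not opts.get("validate_password_dictionary_file"):
        findings.append("validate_password_dictionary_file is not set")
    return findings
```

An empty list from audit() means the file matches the recommended settings; the running server's values can differ from the file until the restart noted under Impact.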
Default Value:
By default, component_validate_password is not installed.
validate_password_length=8
validate_password_mixed_case_count=1
validate_password_number_count=1
validate_password_policy=MEDIUM
validate_password_special_char_count=1