1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3

Information

This checks all new passwords to ensure that they differ by at least three characters from the previous password.

Rationale:

This is one of several settings that, when taken together, ensure that passwords are sufficiently complex as to thwart brute force and dictionary attacks.

Impact:

This prevents the use of passwords that fall into a predictable pattern. Especially in situations that involve staff turnover, having a pattern to password changes should be avoided.

Solution

Navigate to Device > Setup > Management > Minimum Password Complexity
Set New Password Differs By Characters to 3 or more

Default Value:

Not enabled.

See Also

https://workbench.cisecurity.org/benchmarks/13792

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.4

Plugin: Palo_Alto

Control ID: b0f94863229c1eb868d3abf2af95205f25f4c71ca132dad064d7868d7a0c8ec8