1.3.11 Ensure 'New Password Differs By Characters' is greater than or equal to 3

Information

This checks all new passwords to ensure that they differ by at least three characters from the previous password.
Rationale:
This is one of several settings that, when taken together, ensure that passwords are sufficiently complex as to thwart brute force and dictionary attacks.

Solution

Navigate to Device > Setup > Management > Minimum Password Complexity
Set New Password Differs By Characters to 3 or more
Impact:
This prevents the use of passwords that fall into a predictable pattern. Especially in situations that involve staff turnover, having a pattern to password changes should be avoided.
Default Value:
Not enabled.

See Also

https://workbench.cisecurity.org/files/1664

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(b), CSCv6|5

Plugin: Palo_Alto

Control ID: 613411ec08fd39c881d7e51ad47b0d0c764463d6d49a052155e7b4a4e3e4d95a