1.3.10 Ensure 'Block Username Inclusion' is enabled

Information

This setting checks every new password and rejects it if it contains the username, in either forward or reverse order.

Rationale:
This is one of several settings that, taken together, ensure that passwords are complex enough to thwart brute-force and dictionary attacks.

Solution

Navigate to Device > Setup > Management > Minimum Password Complexity
Set Block Username Inclusion (Including reversed) to checked

Impact:
If username inclusion is allowed in passwords, they become much easier to compromise. Enabling this setting prevents the use of the default (and trivial) admin / admin password combination.

Default Value:
Not enabled.
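
An added example, not part of the benchmark or of any vendor tooling: one way to verify the setting offline against an exported configuration file. The XML location (mgt-config/password-complexity/block-username-inclusion) and the yes/no values are assumptions not stated on this page, and the sample configurations are constructed.

```python
import xml.etree.ElementTree as ET
from typing import Dict, Tuple

# Assumption (not stated on this page): in an exported configuration the
# setting is stored at mgt-config/password-complexity/block-username-inclusion
# with the value "yes" or "no".
SECTION = "./mgt-config/password-complexity"
SETTING = "block-username-inclusion"


def audit_block_username_inclusion(config_xml: str) -> Tuple[bool, str]:
    """Return (compliant, reason) for one exported configuration."""
    try:
        root = ET.fromstring(config_xml)
    except ET.ParseError as exc:
        return False, f"configuration is not well-formed XML: {exc}"
    section = root.find(SECTION)
    if section is None:
        # The page gives the default as "Not enabled", so absence is a finding.
        return False, "password-complexity section absent; default is not enabled"
    node = section.find(SETTING)
    if node is None or not (node.text or "").strip():
        return False, f"{SETTING} not set; default is not enabled"
    value = node.text.strip().lower()
    if value == "yes":
        return True, f"{SETTING} is enabled"
    return False, f"{SETTING} is {value!r}, expected 'yes'"


def _wrap(inner: str) -> str:
    # Helper for building the constructed samples below.
    return f"<config><mgt-config>{inner}</mgt-config></config>"


# Constructed sample configurations (not taken from a real device).
SAMPLES: Dict[str, str] = {
    "compliant": _wrap(f"<password-complexity><{SETTING}>yes</{SETTING}></password-complexity>"),
    "disabled": _wrap(f"<password-complexity><{SETTING}>no</{SETTING}></password-complexity>"),
    "unset": _wrap("<password-complexity/>"),
    "no-section": _wrap(""),
    "truncated": "<config><mgt-config>",
}


def audit_all(samples: Dict[str, str]) -> Dict[str, Tuple[bool, str]]:
    return {name: audit_block_username_inclusion(xml) for name, xml in samples.items()}


if __name__ == "__main__":
    for name, (ok, reason) in audit_all(SAMPLES).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}: {reason}")
```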

See Also

https://workbench.cisecurity.org/files/1664

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)(a), CSCv6|5.3

Plugin: Palo_Alto

Control ID: 3142fca9be5d4217aa8486398a637dc427152bf111390d59f9b28d97f029e350