1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3

Information

This checks all new passwords to ensure that they differ by at least three characters from the previous password.

Rationale:
This is one of several settings that, when taken together, ensure that passwords are sufficiently complex to thwart brute force and dictionary attacks.

Solution

Navigate to Device > Setup > Management > Minimum Password Complexity
Set New Password Differs By Characters to 3 or more

Impact:
This prevents the use of passwords that fall into a predictable pattern. Especially in situations that involve staff turnover, having a pattern to password changes should be avoided.

Default Value:
Not enabled.

See Also

https://workbench.cisecurity.org/files/2104

Item Details

Category: ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

References: 800-53|AC-2, 800-53|IA-5, CSCv6|5, CSCv6|5.3, CSCv7|4.2, CSCv7|16

Plugin: Palo_Alto

Control ID: 172499fefaa9d5535df23e31be9821834b7f12b570aa65be33b6f7666dd4f1bb