1.3.8 Ensure 'New Password Differs By Characters' is greater than or equal to 3

Information

This checks all new passwords to ensure that they differ by at least three characters from the previous password.

Rationale:

This is one of several settings that, when taken together, ensure that passwords are sufficiently complex as to thwart brute force and dictionary attacks.

Impact:

This prevents the use of passwords that fall into a predictable pattern. Especially in situations that involve staff turnover, having a pattern to password changes should be avoided.

Solution

Navigate to Device > Setup > Management > Minimum Password Complexity
Set New Password Differs By Characters to 3 or more

Default Value:

Not enabled.

See Also

https://workbench.cisecurity.org/benchmarks/8826

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1), CSCv7|4.2, CSCv7|16

Plugin: Palo_Alto

Control ID: f47973eb1b455b1318a5f75001c2163595bfd1b10d88029562b98e59c9e7c7b5