Configuring the BIG-IP system to enforce the use of strict passwords


You can configure the BIG-IP system to use strict password checking for user accounts. Strict password checking tests the password in several different ways. The BIG-IP system will perform the following key tests:

- Try to match patterns in the user name to information in the user's gecos field
- Check for any simple patterns
- Attempt to match the password against dictionary words

The BIG-IP system normally performs these checks when a new password is entered, but in its default configuration, the system will only warn the user if the password fails the tests. When strict password checking is enforced, the BIG-IP system will not allow the user's password if it fails any of the tests.


To enable strict password enforcement, log in to the command line and type the following command:

tmsh modify /sys db users.strictpasswords value enable
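
To confirm that the change took effect, the setting can be read back and checked. The script below is an added example, not part of the original article or of F5's tooling. It assumes that `tmsh list /sys db users.strictpasswords` prints a stanza shaped like the constructed samples, and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: audit check for the users.strictpasswords db variable.
# Assumption: `tmsh list /sys db users.strictpasswords` prints a stanza
# shaped like the constructed samples below.

# Extract the value from a `tmsh list /sys db ...` stanza read on stdin.
db_value() {
    sed -n 's/^[[:space:]]*value[[:space:]]\{1,\}"\{0,1\}\([^"[:space:]]*\)"\{0,1\}[[:space:]]*$/\1/p' |
        head -n 1
}

# Return 0 (compliant) only when the value is exactly "enable".
# A missing value is treated as a failure, not as a pass.
strictpasswords_compliant() {
    _value=$(db_value)
    case "$_value" in
        enable) echo "PASS: users.strictpasswords is enable"; return 0 ;;
        "")     echo "FAIL: no value found in tmsh output"; return 1 ;;
        *)      echo "FAIL: users.strictpasswords is $_value"; return 1 ;;
    esac
}

# Constructed sample outputs (not captured from a real device).
SAMPLE_ENABLED='sys db users.strictpasswords {
    value "enable"
}'
SAMPLE_DISABLED='sys db users.strictpasswords {
    value "disable"
}'

# On a BIG-IP, feed the live setting instead of a sample:
#   tmsh list /sys db users.strictpasswords | strictpasswords_compliant
printf '%s\n' "$SAMPLE_ENABLED"  | strictpasswords_compliant || true
printf '%s\n' "$SAMPLE_DISABLED" | strictpasswords_compliant || true
```

The non-zero return on anything other than `enable` lets the check be used directly in a scheduled compliance job.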

Item Details


References: 800-53|AC-10, CAT|II, CCI|CCI-000054, Rule-ID|SV-74521r2_rule, STIG-ID|F5BI-DM-000003, Vuln-ID|V-60091

Plugin: F5

Control ID: da756150fa100c21aabf12c8b6ae868e9ac034b8e581d4f3e35719faf7c5d73c