← Rules Catalog
highaccess-controlverified rollback-safe

Set minimum password length

pam-pwquality-minlen · RHEL ≥ 8, UBUNTU ≥ 22 · 1 impl

Description

The minlen parameter in /etc/security/pwquality.conf sets the minimum acceptable size for new passwords. Longer passwords are more resistant to brute-force attacks.

Rationale

Password length is one of the most important factors in password strength. A minimum of 14 characters is recommended for strong security.

Check → Remediate

Checkconfig_value
path:
/etc/security/pwquality.conf
key:
minlen
expected:
{{ pam_pwquality_minlen }}
comparator:
>=
Remediateconfig_set
path:
/etc/security/pwquality.conf
key:
minlen
value:
{{ pam_pwquality_minlen }}
separator:
=

Framework references

CIS

rhel8 5.3.3.2.2rhel9 5.3.3.2.2rhel10 5.3.2.2.2ubuntu24 5.3.3.2.2ubuntu22 5.3.3.2.2

STIG

V-258107 / RHEL-09-611090V-230369V-270732 / UBTU-24-400320V-260565 / UBTU-22-611035V-281181 / RHEL-10-600220

NIST 800-53

IA-5(1)(a)IA-5

Live verification

rhel10:checkrhel8:checkrhel9:checkubuntu22:checkubuntu24:checkubuntu26:check
#pam#password#authentication#pwquality