[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Minimum password length

ID: oval:org.secpod.oval:def:7900Date: (C)2012-11-10   (M)2023-07-04
Class: COMPLIANCEFamily: windows




The Minimum password length setting should be configured correctly. This policy setting determines the least number of characters that make up a password for a user account. There are many different theories about how to determine the best password length for an organization, but perhaps pass phrase is a better term than password. In Microsoft Windows 2000 or later, pass phrases can be quite long and can include spaces. Therefore, a phrase such as I want to drink a $5 milkshake is a valid pass phrase; it is a considerably stronger password than an 8 or 10 character string of random numbers and letters, and yet is easier to remember. Users must be educated about the proper selection and maintenance of passwords, especially with regard to password length. In enterprise environments, ensure that the value for the Minimum password length setting is configured to 8 characters. This policy setting is long enough to provide adequate security. In high security environments, configure the value to 12 characters. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy\Minimum password length (2) REG: NO INFO

Platform:
Microsoft Windows Server 2008 R2
Reference:
CCE-10372-1
CPE    1
cpe:/o:microsoft:windows_server_2008:r2
CCE    1
CCE-10372-1
XCCDF    5
xccdf_org.secpod_benchmark_HIPAA_45CFR_164_Windows_Server_2008_R2
xccdf_org.secpod_benchmark_SecPod_Windows_Server_2008_R2
xccdf_org.secpod_benchmark_general_Windows_Server_2008_R2
xccdf_org.secpod_benchmark_PCI_3_2_Windows_Server_2008_R2
...

© SecPod Technologies