Password Policy Device Configuration
Here are step by step instructions for Secureframe Agent (Mac, PC and Linux) for Password Policy enforcement for user endpoints.
- Create a passcode profile with Require Alphanumeric true and Minimum Password Length is 8 or more.
- An MDM such as Jamf or Fleetsmith can create and enforce a password and screen lock policy to pass this test.
- If not using an MDM, you can view the additional resources link below to create a configuration profile or you can use the profile created here!
- Profile resources:
- More information on configuration for Apple devices
More information on payload for configuring a passcode policy
Please review this video below on how to configure a passcode profile for a Mac.
- The following requirements must be enforced to pass this check:
- Minimum password length: 8 characters
- Password must meet complexity requirements: Enabled
- These can be set via a GPO (Group Policy Object) at the following location:
Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy
- If you are not comfortable managing Group Policy settings, we recommend using an MDM to enforce these settings on your devices.
The Password Policy check will not pass until you have both updated the password requirements and changed your password to comply with these requirements. These instructions were taken in part from this article.
The Password Policy check requires:
- Minimum password length of at least eight characters.
- The classes of characters are digits, upper letters, lower letters, and special characters.
- Minimum class of at least three for each password, meaning that multiple classes must be represented in the password.
- Install the augeas-lenses library and PAM module by running the following commands in your terminal:
sudo apt install augeas-lenses
sudo apt install libpam-pwquality
- Some Linux distributions may already have these libraries installed. See here for more technical information about the PAM module.
- Open the
- Find the line that includes
minlen=8 minclass=3to the end of that line. An example would look something like this:
password requisite pam_pwquality.so retry=3 minlen=8 minclass=3
- *If your Linux device is not 'checking in' after restarting, please refer to this article.