Secureframe Agent: Password Policy Check

Password Policy Device Configuration

Here are step by step instructions for Secureframe Agent (Mac, PC and Linux) for Password Policy enforcement for user endpoints.




  • The following requirements must be enforced to pass this check:
    • Minimum password length: 8 characters
    • Password must meet complexity requirements: Enabled
  • These can be set via a GPO (Group Policy Object) at the following location:
Computer Configuration\Windows Settings\Security Settings\Account Policies\Password Policy
  • If you are not comfortable managing Group Policy settings, we recommend using an MDM to enforce these settings on your devices.



The Password Policy check will not pass until you have both updated the password requirements and changed your password to comply with these requirements. These instructions were taken in part from this article.

The Password Policy check requires:

  • Minimum password length of at least eight characters.
  • The classes of characters are digits, upper letters, lower letters, and special characters.
  • Minimum class of at least three for each password, meaning that multiple classes must be represented in the password.
  1. Install the augeas-lenses library and PAM module by running the following commands in your terminal:
sudo apt install augeas-lenses
sudo apt install libpam-pwquality
  1. Some Linux distributions may already have these libraries installed. See here for more technical information about the PAM module.
  2. Open the /etc/pam.d/common-password file.
  3. Find the line that includes
  4. Add minlen=8 minclass=3 to the end of that line. An example would look something like this:
password requisite retry=3 minlen=8 minclass=3
  • *If your Linux device is not 'checking in' after restarting, please refer to this article.

Was this article helpful?

Have more questions? Submit a request



Article is closed for comments.