Set Password Minimum Length in login.defs

Description

To specify password length requirements for new accounts, edit the file /etc/login.defs and add or correct the following line:

PASS_MIN_LEN 12

The DoD requirement is 15. The FISMA requirement is 12. The profile requirement is 12. If a program consults both /etc/login.defs and a PAM module (such as pam_pwquality) during a password change operation, the most restrictive requirement must be satisfied. See the PAM section for more information about enforcing password quality requirements.
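One way to audit this setting, as an added example that is not part of the original rule text: the script reads PASS_MIN_LEN from a login.defs-style file and, optionally, minlen from a pwquality.conf-style file, then reports the stricter of the two. The function names, the file paths passed as arguments, and the last-occurrence-wins handling of repeated keys are assumptions of this example.

```shell
#!/bin/sh
# Added example. Usage: sh check_min_len.sh REQUIRED LOGIN_DEFS [PWQUALITY_CONF]

# Effective PASS_MIN_LEN in a login.defs-style file. Commented-out lines never
# match; if the key is repeated the last value is reported (assumption).
login_defs_min_len() {
    awk '$1 == "PASS_MIN_LEN" { v = $2 } END { if (v != "") print v }' "$1"
}

# minlen from a pwquality.conf-style file (credit options are ignored here).
pwquality_min_len() {
    sed -n 's/^[[:space:]]*minlen[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1
}

# Print findings; return 0 only if PASS_MIN_LEN is set and >= REQUIRED.
check_min_len() {
    required=$1 defs=$2 pwq=${3:-}
    len=$(login_defs_min_len "$defs")
    case $len in
        '' | *[!0-9]*)
            echo "FAIL: PASS_MIN_LEN missing or not numeric in $defs"
            return 1 ;;
    esac
    floor=$len
    if [ -n "$pwq" ] && [ -r "$pwq" ]; then
        m=$(pwquality_min_len "$pwq")
        if [ -n "$m" ] && [ "$m" -gt "$floor" ]; then floor=$m; fi
    fi
    echo "PASS_MIN_LEN=$len required=$required strictest_configured=$floor"
    if [ "$len" -lt "$required" ]; then
        echo "FAIL: PASS_MIN_LEN $len is below $required"
        return 1
    fi
    echo "PASS"
}

# Run the check only when arguments are supplied on the command line.
if [ "$#" -ge 2 ]; then
    check_min_len "$@"
fi
```

For example, `sh check_min_len.sh 12 /etc/login.defs /etc/security/pwquality.conf` checks the profile requirement against the live files.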

Rationale

Requiring a minimum password length makes password cracking attacks more difficult by ensuring a larger search space. However, any security benefit from an onerous requirement must be carefully weighed against usability problems, support costs, or counterproductive behavior that may result.