Back
  • Misconfig Name
  • Password complexity is not enforced
  • Description
  • Passwords that contain only alphanumeric characters are easy to discover with several publicly available tools. You can enforce users to use a variety of characters in their passwords. This makes it difficult for a brute force attack to successfully crack the password.
  • Severity
  • Critical
  • Category
  • Password Policy
  • Resolution
  • Follow the below steps in GPO to resolve the misconfiguration. Configure the policy value for Computer Configuration -> Windows Settings >> Security Settings >> Account Policies >> Password Policy >> "Password must meet complexity requirements" to "Enabled".
  • Reboot Required
  • No