V-38475: The system must require passwords to contain a minimum of 14 characters.
---------------------------------------------------------------------------------

Requiring a minimum password length makes password cracking attacks more
difficult by ensuring a larger search space. However, any security benefit
from an onerous requirement must be carefully weighed against usability
problems, support costs, or counterproductive behavior that may result.  While
it does not negate the password length requirement, it is preferable to
migrate from a password-based authentication scheme to a stronger one based on
PKI (public key infrastructure).

Details: `V-38475 in STIG Viewer`_.

.. _V-38475 in STIG Viewer: https://www.stigviewer.com/stig/red_hat_enterprise_linux_6/2015-05-26/finding/V-38475

Notes for deployers
~~~~~~~~~~~~~~~~~~~

.. include:: developer-notes/V-38475.rst