Set Password Strength Minimum Different Categories The pam_cracklib module's 'minclass' parameter controls requirements for usage of different character classes, or types, of character that must exist in a password before it is considered valid. For example, setting this value to three (3) requires that any password must have characters from at least three different categories in order to be approved. The default value is zero (0), meaning there are no required classes. There are four categories available: * Upper-case characters * Lower-case characters * Digits * Special characters (for example, punctuation) Modify the 'minclass' setting in '/etc/security/pwquality.conf' entry to require differing categories of characters when changing passwords. The minimum requirement is '3'.

Requiring a minimum number of character categories makes password guessing attacks more difficult by ensuring a larger search space. Fix: No Remediation Info