Details
This checks all new passwords to ensure that they differ by at least three characters from the previous password.
Rationale:
This is one of several settings that, when taken together, ensure that passwords are sufficiently complex as to thwart brute force and dictionary attacks.
Solution
Navigate to Device > Setup > Management > Minimum Password Complexity
Set New Password Differs By Characters to 3 or more
Impact:
This prevents the use of passwords that fall into a predictable pattern. Especially in situations that involve staff turnover, having a pattern to password changes should be avoided.
Default Value:
Not enabled.
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Identification and Authentication.This control applies to the following type of system Palo_Alto.