English Portuguese (Brazil)
Passphrase policy
Policy for initially setting or changing local passphrases/passwords in Fedora installs.
Introduction
This policy is for applications that set or change passphrases/passwords locally on Fedora installations. One central place for policy for passphrases was desired and that is now in the `libpwquality` package. This package ships defaults for Fedora as decided by FESCo. Fedora products can override the defaults by creating their own `/etc/security/pwquality.conf.d/` configuration file. The local administrators can set their own policy in the master `/etc/security/pwquality.conf` file.
Scope
This policy is only for applications that set or change local passwords/passphrases. It has nothing to do with remote/central authentication stores, which can and do still have their own policies.
Summary of defaults
passwords/passphrases must be at least 8 characters long.
passwords/passphrases must have at least 1 character different from previous existing password/passphrase (if applicable).
passwords that fail to pass `libpwquality` should display the failure to the user.
root / admin users should be able to override quality checks (for purposes of this, the installing user is root/admin)
applications may use the `libpwquality` 'score' to display an analog strength meter to users as an informational tool, but should not use score as a decision making factor for acceptance.
Applications covered
`anaconda`
`passwd`, anything using `pam` (such as login for changing expired passwords)
`gnome-initial-setup`
References
link:https://fedorahosted.org/fesco/ticket/1455[#1455 F23 System Wide Change: Standardized Passphrase Policy]
link:https://fedoraproject.org/wiki/Changes/Standardized_passphrase_policy[Changes/Standardized passphrase policy]