RHEL 8 systems, version 8.4 and above, must ensure the password complexity module is configured for three retries or less.
Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. "pwquality" enforces complex password construction configuration and has the ability to limit brute-force attacks on the system.
RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. This is set in both:
By limiting the number of attempts to meet the pwquality module complexity requirements before returning with an error, the system will audit abnormal attempts at password changes.