---
id: V-71915
status: opt-in
tag: accounts
---

The password quality requirements from the STIG are examples of good security
practice, but deployers are strongly encouraged to use centralized
authentication for administrative server access whenever possible.

Password quality requirements are controlled by two Ansible variables: one for
each individual password requirement and one "master switch" variable. The
master switch variable controls all password requirements and it is **disabled
by default**.

Deployers can enable all password quality requirements by setting the master
switch variable to ``yes``:

.. code-block:: yaml

    security_pwquality_apply_rules: yes

When the master switch variable is enabled, each individual password quality
requirement can be disabled by a variable. To disable the fix for this STIG
control, set the following Ansible variable:

.. code-block:: yaml

    security_pwquality_limit_repeated_characters: no