Creating a strong and unique password for Linux or Unix-like systems
- Create a password with mix of numbers, special symbols, and alphabets.
- Make sure your password is hard to guess. You can use tool such as makepasswd to create hard to guess password.
- Do not use simple words like “password”, “123456”, “123abc” or “qwerty”.
- Use a unique password for all your server accounts.
- A minimum password length of 12 to 14 characters should be used. See how to configure CentOS / RHEL / Fedora Linux based server password quality requirements.
- Generating passwords randomly where feasible. You can do this with a simple shell script function.
- If possible use two-factor authentication.
- Use pam_crack to ensure strong passwords and to check passwords against a dictionary attack.
But, how do you test the effectiveness of a password in resisting guessing and brute-force attacks under Linux? The answer is simple use cracklib-check command.
[b]Install cracklib on a Linux based system[/b]Type the following yum command to install on RHEL and friends:
# yum install cracklib[/size]
Type the following apt-get command to install on Debian/Ubuntu and friends:
# apt-get install libcrack2 ExamplesTest a simple password like “password”, enter:
$ echo "password" | cracklib-checkSample outputs:password: it is based on a dictionary word
Try sequential patterns such as “abc123456”:
$ echo "abc123456" | cracklib-checkSample outputs:abc123456: it is too simplistic/systematic
Try a password with a mix of letters, numbers, and symbols:
$ echo 'i1oVe|DiZza' | cracklib-checkSample outputs:
i1oVe|DiZza: OK
Regards..
