Thursday, August 11, 2011

Security Series - Password Password Password!!!

A strong password policy is one of the most important aspects of your security posture. Many successful security breaches involve simple brute force and dictionary attacks against weak passwords. If you intend to offer any form of remote access involving your local password system, make sure you adequately address minimum password complexity requirements, maximum password lifetimes, and frequent audits of your authentication systems.

Minimum Password Length:
By default, Ubuntu requires a minimum password length of 6 characters, as well as some basic entropy checks. These values are controlled in the file /etc/pam.d/common-password, which is outlined below.

password [success=2 default=ignore] pam_unix.so obscure sha512


If you would like to adjust the minimum length to 8 characters, change the appropriate variable to min=8. The modification is outlined below.

password [success=2 default=ignore] pam_unix.so obscure sha512 min=8
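
To check a host against the policy above, the following added example (not from the original post) parses the contents of common-password and reports the effective minimum length on each active pam_unix password line. It assumes the default of 6 stated above when no length option is present, and accepts both the min= spelling used in this post and minlen=, the name documented in the current pam_unix man page; the function name and sample text are constructed for illustration.

```python
import re

DEFAULT_MIN = 6  # default minimum length stated in the post (assumed when unset)

# type, control (one word or a [bracketed list]), module path, remaining args
PAM_LINE = re.compile(r"^-?(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def audit_common_password(text, required_len=8):
    """Return one finding per active pam_unix 'password' line in `text`."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = PAM_LINE.match(line)
        if not m or m.group(1) != "password":
            continue
        if not m.group(3).endswith("pam_unix.so"):
            continue
        args = m.group(4).split()
        min_len = DEFAULT_MIN
        for arg in args:
            key, _, value = arg.partition("=")
            if key in ("min", "minlen") and value.isdigit():
                min_len = int(value)
        findings.append({
            "line": lineno,
            "min_len": min_len,
            "obscure": "obscure" in args,
            "sha512": "sha512" in args,
            "meets_policy": min_len >= required_len,
        })
    return findings


# Constructed sample input: the two lines from the post plus a disabled copy.
SAMPLE = """\
# /etc/pam.d/common-password (constructed excerpt)
password [success=2 default=ignore] pam_unix.so obscure sha512
#password [success=2 default=ignore] pam_unix.so obscure sha512 min=12
password [success=2 default=ignore] pam_unix.so obscure sha512 min=8
"""

if __name__ == "__main__":
    for f in audit_common_password(SAMPLE):
        status = "OK" if f["meets_policy"] else "TOO SHORT"
        print(f"line {f['line']}: min length {f['min_len']} -> {status}")
```

On a real host, pass the function the text read from /etc/pam.d/common-password instead of SAMPLE.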
