Establishing Good Password Policies
Dru Lavigne, 17 Jan 2001
...In this week's article, I'd like to take a look at how to create a password policy on your FreeBSD system.
In order for any user to log in to a FreeBSD system, they need to have a previously created user account and know the password associated with that user account. One of the responsibilities of the system administrator is to create a password policy that is appropriate for the users of the network. When creating the password policy, you need to consider the following points:
Often, administrators will have a password policy for regular user accounts and a separate policy for the root user account. For example, it is common to have a password length of 6 characters for regular users, but require a password length of 11 characters for the root user account. You may decide that it is too difficult to force users to use a password that requires both uppercase characters and symbols, but may want to keep this as a requirement on the root password so it will be much more difficult to guess.
There are additional considerations when creating a password policy. When a user account is created, the password is also created by the administrator. It is recommended that users immediately change this password the first time they log in; this ensures that no one knows the user's password except that user. Users should be taught not to give their password to anyone for any reason; remember, if worst comes to worst and a user forgets their password or a user leaves and access to their resources is required, the superuser has the ability to change the user's password.
Since users are responsible for creating their own passwords, it is up to the system administrator to educate users on what does and does not constitute a good password. Being human, I find it far easier to remember a password that is the same as my username, my real name, my nickname, my dog's name, etc. Unfortunately, these are all examples of bad passwords. Many articles have been written that give examples of both good and bad passwords and the reasons why creating a good password is important. Here is one such article.
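The two ideas above, a stricter policy for root than for regular users and the rejection of passwords built from a user's own names, can be checked mechanically. The following is an added example, not code from the original article or from FreeBSD; the `Policy` class, the function names, and the sample accounts and passwords are all constructed for illustration.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:
    min_length: int
    require_upper: bool = False
    require_symbol: bool = False

# Values from the article's example: 6 characters for regular users,
# 11 characters plus uppercase and symbols for root.
POLICIES = {"user": Policy(6), "root": Policy(11, True, True)}

def letters(text):
    """Lower-case the text and drop everything except a-z."""
    return re.sub(r"[^a-z]", "", text.lower())

def identity_tokens(username, real_name="", extra=()):
    """Words that make bad passwords: login, real name parts, nicknames, pet names."""
    words = [username, *real_name.split(), *extra]
    return {letters(w) for w in words if len(letters(w)) >= 3}

def check_password(password, username, real_name="", extra=()):
    """Return a list of policy violations; an empty list means acceptable."""
    policy = POLICIES["root" if username == "root" else "user"]
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    if policy.require_upper and not any(c.isupper() for c in password):
        problems.append("no uppercase character")
    if policy.require_symbol and all(c.isalnum() for c in password):
        problems.append("no symbol")
    # Strip digits and symbols so "rex99" still matches the token "rex",
    # and test each token reversed so "htimS2001" matches "smith".
    core = letters(password)
    for token in identity_tokens(username, real_name, extra):
        if token in core or token[::-1] in core:
            problems.append("based on account or personal name")
            break
    return problems

if __name__ == "__main__":
    # Constructed sample accounts and candidate passwords.
    samples = [("jsmith", "jsmith", "Jane Smith", ()),
               ("rex99", "jsmith", "Jane Smith", ("Rex",)),
               ("blue-Kettle-42", "jsmith", "Jane Smith", ()),
               ("longpassword1", "root", "", ())]
    for pw, user, name, extra in samples:
        print(f"{user:7} {pw:15} {check_password(pw, user, name, extra) or 'ok'}")
```
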
Let's assume we wish to implement the following example password policy:
Original article: http://www.onlamp.com/pub/a/bsd/2001/01/17/FreeBSD_Basics.html