Enforcing Strong Password Criteria Using PWQUALITY
Cyber-attacks are becoming increasingly ubiquitous and difficult to deal with and Hackers relentlessly try to exploit common weak passwords. As a result, organizations have to safeguard themselves by using strong password criteria to secure their systems. In this article, we’ll take a look at the mechanics of enforcing strong password criteria on a Linux system. Installing and configuring pwquality We’ll be using the pwquality module for the Pluggable Authentication Module (PAM). This is a newer technology that has replaced the old cracklib module and this provides a way to configure the default password quality requirements for the system passwords. 1. Install the libpam-pwquality package: #apt install libpam-pwquality 2. Open the /etc/security/pwquality.conf file in your preferred text editor. When you open this file in your text editor, you’ll see that everything is commented out, which means that no password complexity criteria are in effect. You can set password complexity criteria however you want just by uncommenting the appropriate lines and setting the appropriate values. 3. Set minimum password length. Users can not set their password length less than this parameter. 4. Set minimum number of required classes of characters for the new password. (kinds ⇒ UpperCase / LowerCase / Digits / Others) 5. Set maximum number of allowed consecutive same characters in the new password. 6. Set maximum number of...
Read More