//More Protection for your Linux Software with Password Complexity on Debian

More Protection for your Linux Software with Password Complexity on Debian

Debian Linux

Debian Linux

If you’ve never deployed password quality checking on your Debian-based Linux system, you can check it out now. The Cylix Linux software runs on Debian 8.7.1 and up, and while we’re making sure your notes are encrypted, we want to help you ensure that your systems are safe too.

The settings for password quality check is not straightforward, but it is highly sophisticated. It is one of the little flexible features of Linux for which we’re grateful.

You have to install the relevant library first. To do so, use the command:

apt-get -y install libpam-pwquality

You’ll find most of the settings will be in the file named /etc/pam.d/command-password.

Complexity settings to keep your Linux software safe

You may set minimum password length to 12 using complexity settings, but it doesn’t work as you’d expect. Users may get away with eight character passwords if they’ve got credit for other forms of password complexity.

Using the complexity settings, you can also define rules for system users to set passwords:
• Uppercase, lowercase
• Digits
• Other special characters
• A mix of these
• Restriction on times the same character can be used
• Restriction on reusing a password, etc.

Some of the self-explanatory keywords that the settings include are minlen, minclass, maxrepeat, maxclassrepeat, lcredit, ucredit, dcredit, ocredit, difok, remember.

Note that class here refers to a type of characters, such as Uppercase, Lowercase, Digits, etc.

An example of robust password complexity settings

Using the system of credits, you can enforce suitable complexity in the passwords that users create. Users will earn credits when their passwords meet the conditions you set. So, for example, if you set minlen = 12, the password “erpkjdtcbmsl” may pass. But if you set dcredit = 3, then even “erpkjdtcb198” will pass, since you get three credits for digits. So a total of 9 credits for length plus three for digits equals 12 credits for length, which gives minlen = 12.

Here’s another interesting feature of the complexity checker. If you set dcredit, lcredit, ucredit or ocredit to negative values, then you can make sure the user includes at least one of these character classes for the password to be accepted.

For example, in the above example, if you set dcredit to -1, then the password would have to include at least one digit to pass. What the negative sign does is to disable the credit, so that credits from other compliances don’t cancel out the requirement for a digit.

Using minclass, you can restrict users to making sure that they use characters from your prescribed number of classes. So, for instance, if the value is 2, then system users can create a password incorporating characters from two categories, such as uppercase and digits.

This password complexity checker is only for regular users. Root users will be able to set any password they want. Once you’ve set the preferences, you should enter a password and make sure that the settings are working.

We believe a good password should be at least fourteen characters long, to be unbreakable. Eight characters may no longer cut it. And this rule can apply to the passwords you create for your notes on Cylix Linux software as well.

Summary
Article Name
More Protection for your Linux Software with Password Complexity on Debian
Description
If you've never deployed password quality checking on your Debian-based Linux system, you can check it out now. The Cylix Linux software runs on Debian 8.7.1 and up, and while we're making sure your notes are encrypted, we want to help you ensure that your systems are safe too.
Author
Publisher Name
AllSoft Ltd
Publisher Logo
2017-08-09T16:50:59+00:00 August 6th, 2017|Blog|0 Comments

Leave A Comment

Error: Please enter a valid email address

Error: Invalid email

Error: Please enter your first name

Error: Please enter your last name

Error: Please enter a username

Error: Please enter a password

Error: Please confirm your password

Error: Password and password confirmation do not match

We use cookies on this site to enhance your user experience. By continuing on this website you are giving your consent for us to set cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close