Password Security

One thing is certain – letting users pick their own passwords is a major security risk.

As an administrator you can test the strength of your users' passwords yourself by running John the Ripper over the password hashes.

If John spits out passwords in single mode immediately, this is an indication that your passwords suck!

This is where password-generating tools come into play.

APG is a simple tool for random password generation. I recommend at least 8 characters for strong passwords.

So here is an example of generating a random 8-character password:

apg -m8 -x8

This will deliver an 8-character password. The -m and -x parameters set the minimum and maximum password length.

If you want a pronounceable password (thus easier to remember), select apg's pronounceable algorithm with -a0 (this is also apg's default; -a1 selects purely random characters):

apg -a0 -m8 -x8

User shell access

While checking your users' passwords you might also consider checking whether any users have shell access they don't even need.

You can list all users that have some sort of shell access by grepping your passwd file:

grep -vE '/bin/false|/usr/sbin/nologin' /etc/passwd

Note: Some services use /usr/sbin/nologin, which serves the same purpose as /bin/false (it refuses an interactive login), so it should be excluded as well.
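A plain grep misses a few cases: nologin binaries living in other paths (/sbin/nologin), and an empty shell field, which login(1) treats as /bin/sh. The following script is an added example, not part of the original post; it parses a passwd-format file with awk, reports each account that still has a usable shell, and runs against a constructed sample (the function and file names are my own).

```shell
#!/bin/sh
# Added example, not from the original post: report every passwd entry whose
# login shell still permits an interactive login. Any shell ending in /false
# or /nologin counts as disabled; an EMPTY shell field is flagged because
# login(1) then falls back to /bin/sh, which a plain grep never shows.

# list_shell_users FILE  ->  one "user:shell" line per account with a usable shell
list_shell_users() {
    awk -F: '
        /^#/ || NF < 7            { next }   # skip comments and malformed lines
        $7 == ""                  { print $1 ":(empty, defaults to /bin/sh)"; next }
        $7 ~ /\/(false|nologin)$/ { next }   # /bin/false, /usr/sbin/nologin, /sbin/nologin ...
                                  { print $1 ":" $7 }
    ' "$1"
}

# write_sample_passwd FILE  ->  constructed passwd data, not a real system file
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
legacy:x:1001:1001::/home/legacy:
EOF
}

# Usage: run against the constructed sample; point it at /etc/passwd on a real host.
sample=$(mktemp)
write_sample_passwd "$sample"
list_shell_users "$sample"
rm -f "$sample"
```

On the sample this prints root, alice and legacy (the empty-shell account) and drops the three service accounts.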