Establishing good passwords

Good passwords are effective first lines of defense against unauthorized entry into a system.

Passwords are effective if they:
  • Contain a mixture of uppercase and lowercase letters
  • Mix alphabetic, numeric, and punctuation characters; special characters such as ~!@#$%^&*()-_=+[]{}|\;:'",.<>?/ and the space character are also allowed
  • Are not written down anywhere
  • Are at least 7 characters and at most PW_PASSLEN characters in length, if using the /etc/security/passwd file (authentication implementations that use registries, such as LDAP, can have passwords that exceed this maximum length)
  • Are not real words that can be found in any dictionary
  • Are not patterns of letters on the keyboard, like qwerty
  • Are not real words or known patterns spelled backwards
  • Do not contain any personal information about yourself, family, or friends
  • Do not follow the same pattern as a previous password
  • Can be typed relatively quickly, so that someone nearby cannot determine your password by watching

In addition to these guidelines, you can enforce a stricter rule by rejecting passwords that are standard UNIX words, since such words are easily guessed. This feature uses the dictionlist attribute, which requires that the bos.data and bos.txt file sets are installed first.

To enable the dictionary check, set the following attribute in the /etc/security/users file:
dictionlist = /usr/share/dict/words

With this setting, any word listed in /usr/share/dict/words is rejected when a user attempts to use it as a password.
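The following script is an added illustration, not part of the AIX documentation: it applies the checkable rules from the list above (length, mixed case, digit or punctuation, dictionary word, reversed dictionary word, keyboard row pattern) to a candidate password the way a local policy check or a pre-change review might. It assumes a value of 8 for PW_PASSLEN and uses a small constructed word list in place of /usr/share/dict/words; rules about personal information and previous passwords need context the script does not have, so they are not checked.

```shell
#!/bin/sh
# Added example: a rule checker for candidate passwords.
# Not from the AIX documentation; the word list and PW_PASSLEN value are assumptions.
export LC_ALL=C

# Constructed stand-in for /usr/share/dict/words (a few words are enough to show the check).
DICT=$(mktemp 2>/dev/null || echo "/tmp/words.$$")
cat > "$DICT" <<'EOF'
password
welcome
dragon
monkey
EOF

MINLEN=7
MAXLEN=8   # assumption: stands in for PW_PASSLEN

# Print the argument reversed, using awk so the script does not depend on rev(1).
reverse() {
    printf '%s\n' "$1" | awk '{ s = ""; for (i = length($0); i > 0; i--) s = s substr($0, i, 1); print s }'
}

# Succeed if the word appears as a whole line in the dictionary, case-insensitively.
in_dict() {
    [ -n "$1" ] && grep -qix -- "$1" "$DICT"
}

# Print a verdict for one candidate; return 0 when it passes every rule, 1 otherwise.
check_password() {
    pw=$1
    len=${#pw}
    if [ "$len" -lt "$MINLEN" ] || [ "$len" -gt "$MAXLEN" ]; then
        echo "reject: length $len not between $MINLEN and $MAXLEN"; return 1
    fi
    case $pw in *[[:upper:]]*) ;; *) echo "reject: no uppercase letter"; return 1 ;; esac
    case $pw in *[[:lower:]]*) ;; *) echo "reject: no lowercase letter"; return 1 ;; esac
    case $pw in *[[:digit:]]*|*[![:alnum:]]*) ;; *) echo "reject: no digit or punctuation"; return 1 ;; esac

    lower=$(printf '%s' "$pw" | tr '[:upper:]' '[:lower:]')
    # Letters only, so "dragon1!" is still recognised as the word dragon (a local extension of the exact-word check).
    core=$(printf '%s' "$lower" | tr -cd '[:lower:]')
    rcore=$(reverse "$core")
    if in_dict "$core"; then echo "reject: dictionary word ($core)"; return 1; fi
    if in_dict "$rcore"; then echo "reject: reversed dictionary word ($rcore)"; return 1; fi

    # Reject any run of four adjacent keys from a keyboard row, e.g. "qwer" or "asdf".
    for row in qwertyuiop asdfghjkl zxcvbnm 1234567890; do
        i=1
        while [ $((i + 3)) -le ${#row} ]; do
            frag=$(printf '%s' "$row" | cut -c "$i-$((i + 3))")
            case $lower in *"$frag"*) echo "reject: keyboard pattern ($frag)"; return 1 ;; esac
            i=$((i + 1))
        done
    done
    echo "accept"
    return 0
}

# Usage: run the script directly to see a verdict for each constructed candidate.
for candidate in "Xk9#pLq2" "Password" "nogarD1!" "Qwerty1!" "Ab1!"; do
    printf '%-10s ' "$candidate"
    check_password "$candidate" || true
done
```

The letters-only core check is deliberately stricter than a plain whole-word dictionary lookup: a common way around a dictionary rule is to append a digit or symbol to a word, and stripping non-letters before the lookup catches that case as well as the reversed-word case.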