Out of the box, Ubuntu machines are not set up with an advanced password policy. Any password, including weak ones, can be used and never expire. This may not be secure in some environments. To configure a more secure password policy and protect your users from hackers and intrusions, you will need to take some steps, and this post shows you how to do that. Ubuntu is an open-source Linux operating system that runs on desktops, laptops, servers, and other devices. When you’re ready to set up a strong password policy on Ubuntu, follow the steps below:
Ensure Passwords Expire
In most business environments, user passwords are configured to expire every 60 to 90 days. Desktop users are not configured like business environments and that’s why a single password can be used forever. If you want to configure Ubuntu to force users to change passwords regularly, you can run the commands below to open the login.defs file. For example, if you want the account password to be changed every 60 days, and several days before it changes again edit the highlighted lines in the file. You can also set the number of days a warning is given before a password expires. Save the file and exit.
Configure PAM Password Module
There is a PAM module called pam_pwquality that can be included with Ubuntu to require strong passwords for system users. pam_pwquality performs several basic checks, just like the old pam_cracklib module, including not allowing passwords to include a username from the GECOS field, rejecting passwords with more than N number of characters, and many other password-related checks. To install and use the pam_pwquality module, run the commands below: pam_pwquality main configuration file is at /etc/pam.d/common-password. Run the commands below to edit the file. A good password requirement will follow similar guidelines.
Allow N number of retries before returning error [retry=3] Set a minimal password length [minlen=8] Set N number of repeated characters [maxrepeat =3] Password must have uppercase characters [ucredit = -1] Password must have lowercase characters [dcredit=-1] Reject password with account name found in GECOS [gecoscheck=1]
Edit the highlighted line and add some of the requirements above to enforce. Make the above changes that fit your environment. When done, reboot your machine and the changes above should apply. That’s it! Conclusion: This post showed you how to set up a strong password policy on Ubuntu 18.04 | 16.04. If you find errors in the above, please use the form below to report. Thanks, You may also like the post below: