Password Policies

If your users have insecure passwords, all the other security measures you might take may well be moot. Probably the most responsible thing you can do as the administrator of a FreeBSD system is to institute a password policy, requiring (or at least encouraging) your users to use passwords that cannot be easily guessed or decoded.

Users frequently find passwords inconvenient, and strict password policies doubly so. If allowed, a user will try to use his username, his telephone number, the server’s hostname, a word such as “password,” or strings of convenient-to-type characters, such as repeated letters or numbers. If you choose to expire users’ passwords after some period, the first thing a user will try, when prompted to choose ...

Get FreeBSD6 Unleashed now with the O’Reilly learning platform.
