Password Complexity

Password complexity is essential for security, making it harder for attackers to guess or crack passwords. It protects against brute force, dictionary, and guessing attacks by using longer, unpredictable passwords with a mix of uppercase, lowercase, numbers, and special characters. It helps prevent unauthorized access and ensures compliance with security standards.

We can enforce password complexity on Linux servers using the libpam-pwquality package. Install it with:

$> sudo apt install libpam-pwquality

We can edit the configuration file with the nano editor:

$> sudo nano /etc/security/pwquality.conf

Configuring Password Complexity

By default, simply enabling the module will start rejecting weak passwords when new passwords are set, but the configuration file offers options to make the policy even stricter.

Password Difference

# Number of characters in the new password that must not be present in the
# old password.
difok = 3

This rejects a new password that reuses too many characters of the old one: with difok = 3 the new password must contain at least 3 characters that do not appear in the old password. Example: current Admin@2024, new Admin@2025 (only one new character, so it is rejected).

Minimum length

# Minimum acceptable size for the new password (plus one if
# credits are not disabled which is the default). (See pam_cracklib manual.)
# Cannot be set to lower value than 6.
minlen = 9

This enforces a minimum length of at least 9 characters.

Password Dictionary check for weak password

# Whether to check for the words from the cracklib dictionary.
# The check is enabled if the value is not 0.
dictcheck = 1

This compares the entered password against the cracklib dictionary of weak passwords and rejects any match, so only strong passwords are accepted.

Password cannot be a variation of the username:

# Whether to check if it contains the user name in some form.
# The check is enabled if the value is not 0.
usercheck = 1
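To see how the four settings above interact, here is an added Python example (not part of this tutorial and not libpwquality's own code) that parses a pwquality.conf-style snippet and applies a simplified model of difok, minlen, dictcheck and usercheck to candidate passwords. The tiny weak-word list and the sample config text are constructed for the example; the real cracklib dictionary is far larger and pam_pwquality's minlen also applies character-class credits, which this model ignores.

```python
# Added example: a simplified model of the pwquality.conf settings discussed
# above (difok, minlen, dictcheck, usercheck). Not libpwquality's own code.
import re

# Constructed config text, in the same "key = value" style as
# /etc/security/pwquality.conf (comments and leading whitespace included).
SAMPLE_CONF = """
# Number of characters in the new password that must not be present in the
# old password.
 difok = 3
# Minimum acceptable size for the new password.
 minlen = 9
dictcheck = 1
 usercheck = 1
"""

# Constructed stand-in for the cracklib dictionary (the real one is far larger).
WEAK_WORDS = {"password", "letmein", "qwerty", "welcome", "admin123"}


def parse_pwquality_conf(text):
    """Parse 'key = value' lines, ignoring blank lines and '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        settings[key] = int(value) if re.fullmatch(r"-?\d+", value) else value
    return settings


def new_chars(new, old):
    """Count characters of the new password that do not occur in the old one
    (simplified model of the difok comparison)."""
    return sum(1 for c in new if c not in old)


def check_password(new, old, user, settings, wordlist=WEAK_WORDS):
    """Return the list of rules the candidate fails (empty list = accepted)."""
    failures = []
    if old is not None and new_chars(new, old) < settings.get("difok", 1):
        failures.append("difok")
    # minlen modelled as a plain character count (credits ignored).
    if len(new) < settings.get("minlen", 8):
        failures.append("minlen")
    if settings.get("dictcheck", 1) and new.lower() in wordlist:
        failures.append("dictcheck")
    if settings.get("usercheck", 1) and user:
        u, n = user.lower(), new.lower()
        # Reject the username itself or its reverse appearing in the password.
        if u in n or u[::-1] in n:
            failures.append("usercheck")
    return failures


if __name__ == "__main__":
    conf = parse_pwquality_conf(SAMPLE_CONF)
    # (new password, old password, username) - constructed test cases;
    # the first one is the difok example from the text above.
    cases = [
        ("Admin@2025", "Admin@2024", "alice"),
        ("Alice!Rocks", "Admin@2024", "alice"),
        ("Password", "x", "bob"),
        ("Tr0ub4d0r&3", "Admin@2024", "alice"),
    ]
    for new, old, user in cases:
        print(f"{new!r}: {check_password(new, old, user, conf) or 'accepted'}")
```

Running the block prints which rule each candidate trips; the page's own Admin@2024 to Admin@2025 change fails difok because only the digit 5 is new.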

When we now change a password, weak passwords are no longer accepted, which hardens the Linux system's security.
