How to Enforce Password Quality on Ubuntu 18.04 VPS or Dedicated Server

Introduction

A strong password is one of the most important elements of a secure information and communication technology (ICT) infrastructure.

A good password should withstand guessing, brute-force and dictionary attacks, or at least make them hard for a malicious person to carry out.

With more infrastructure hosted in the cloud, remote access to clients and servers over SSH or RDP is common. This requires a strong password to prevent unauthorised access to critical data. A good password should:

  • Be at least 8 characters long.
  • Contain at least one uppercase character.
  • Contain at least one lowercase character.
  • Contain at least one number.
  • Contain at least one special character.

Before you Start

  • A VPS or Dedicated Server running Ubuntu 18.04.
  • A non-root user configured with sudo privileges.

Steps

Update System Packages

$ sudo apt update -y && sudo apt upgrade -y

Install the libpam-pwquality Package

This PAM library checks each new password against a system dictionary and measures its strength. Based on the result, it accepts or rejects the password, which keeps weak passwords from being set.

$ sudo apt install -y libpam-pwquality

Password settings also include the maximum number of days a password may “live” before you are prompted to change it. This setting resides in the /etc/login.defs file.

$ sudo vim /etc/login.defs

From line 160, you may use the number of days set below or values that are more appropriate for you.

Set the maximum number of days a password can be used in the PASS_MAX_DAYS line.

Set the minimum number of days a password should be used before another change is made (PASS_MIN_DAYS).

Set the number of days you should be warned before the password expires (PASS_WARN_AGE).

PASS_MAX_DAYS   30
PASS_MIN_DAYS   0
PASS_WARN_AGE   7

Set the minimum number of characters in a password.

The default minimum number of characters in Ubuntu 18.04 is 6. You can change this in the common-password file in the /etc/pam.d folder.

$ sudo vim /etc/pam.d/common-password

Set the minimum password length on line 25.

password        requisite       pam_pwquality.so retry=3 minlen=9

Set how many previous passwords are remembered and cannot be reused after a change (remember) on line 26.

password        [success=1 default=ignore]      pam_unix.so obscure use_authtok try_first_pass sha512 remember=5

As discussed in the introduction, a new password should be checked for four properties: uppercase characters, lowercase characters, digits and special characters. We will require at least 3 of these properties as the password strength test by setting minclass on line 25.

password        requisite        pam_pwquality.so retry=3 minclass=3

Other settings that may be appended at the end of line 25 include:

maxrepeat=3

To confirm your password policy implementation, try changing the password.

$ passwd
Changing password for linuxuser.
(current) UNIX password: 
New password: 
BAD PASSWORD: The password is shorter than 8 characters
New password:
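
The interactive test above only exercises the length check. The script below is an added example, not part of the original article: it reads the two files edited in the steps and reports each setting that is unset or weaker than the values used here. The function names (login_defs_value, pam_option, audit_policy) are hypothetical, and the sample files are constructed.

```bash
#!/usr/bin/env bash
# Added example: audit the files edited in this tutorial. Function names are
# hypothetical; thresholds are the tutorial's values.

# login_defs_value FILE KEY -> value of the active (uncommented) KEY line
login_defs_value() {
    awk -v k="$2" '$1 == k { v = $2 } END { print v }' "$1"
}

# pam_option FILE MODULE OPTION -> value of OPTION= on the active password
# line for MODULE; commented lines never match because $1 is not "password"
pam_option() {
    awk -v m="$2" -v o="$3" '
        $1 == "password" && index($0, m) {
            for (i = 1; i <= NF; i++)
                if (index($i, o "=") == 1) v = substr($i, length(o) + 2)
        }
        END { print v }' "$1"
}

# audit_policy LOGIN_DEFS PAM_FILE -> one line per setting; the return code
# is the number of settings that are unset or weaker than the tutorial's
audit_policy() {
    local defs="$1" pam="$2" fails=0
    check() {  # check NAME ACTUAL TEST-OPERATOR WANTED
        if [ -z "$2" ] || ! [ "$2" "$3" "$4" ] 2>/dev/null; then
            echo "FAIL $1: got '${2:-unset}', want $3 $4"
            fails=$((fails + 1))
        else
            echo "ok   $1=$2"
        fi
    }
    check PASS_MAX_DAYS "$(login_defs_value "$defs" PASS_MAX_DAYS)" -le 30
    check PASS_WARN_AGE "$(login_defs_value "$defs" PASS_WARN_AGE)" -ge 7
    check minlen   "$(pam_option "$pam" pam_pwquality.so minlen)"   -ge 9
    check minclass "$(pam_option "$pam" pam_pwquality.so minclass)" -ge 3
    check remember "$(pam_option "$pam" pam_unix.so remember)"      -ge 5
    return "$fails"
}

# Constructed sample files holding the values from this tutorial.
demo=$(mktemp -d)
printf 'PASS_MAX_DAYS\t30\nPASS_MIN_DAYS\t0\nPASS_WARN_AGE\t7\n' > "$demo/login.defs"
cat > "$demo/common-password" <<'EOF'
password requisite pam_pwquality.so retry=3 minlen=9 minclass=3 maxrepeat=3
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512 remember=5
EOF
audit_policy "$demo/login.defs" "$demo/common-password"
```

On a real host, pass /etc/login.defs and /etc/pam.d/common-password as the two arguments. The aging values in /etc/login.defs are applied when an account is created, so check existing accounts with sudo chage -l USERNAME.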

Conclusion

You have successfully changed your password policy checks. It cannot be stressed enough how important good password policy development and implementation are. Alternatively, you may change the password policy for a single user with the sudo chage USERNAME command, replacing USERNAME with the appropriate account name. Follow the prompts, then confirm the result with the sudo chage -l USERNAME command.
