Passwords are the keys to your system. It goes without saying that they
should be as secure as possible to prevent an unauthorized login, which
is the first step to much bigger security problems. Using passwords that
are strong enough to blunt an attack is a crucial yet simple step that can
save you a lot of trouble in the future.
Many passwords chosen by users are easy to guess. Red Hat Linux provides a
number of different ways to authenticate users to the system,
including conventional "encrypted" passwords (actually one-way hashes produced by crypt), shadow
passwords (covered in greater detail in the section called Shadow Utilities in Chapter 12), Kerberos
5, and beyond. In every situation where you select a
password as part of an authentication scheme, the security of that scheme
is at least partially at the mercy of the complexity of the password
chosen.
Why should you always try to create secure passwords that are difficult
to guess? In short, the price of powerful computer hardware continues to
decrease while the number of quality, freely available tools and methods for
cracking passwords continues to increase. Because many of the simpler
authentication schemes store a hash of each password rather than the
password itself, an attacker who obtains the file containing those
hashes (/etc/passwd on an older system, /etc/shadow when shadow passwords
are in use) does not need to reverse the hash: they hash each word from a
dictionary with the same salt, compare the result against every stored hash,
and usually recover at least one password in a relatively short amount of time.
Salting and slower hash functions make such attacks more costly, but
none of these measures is foolproof. Therefore, you should pay great attention to the kind of
password you select and how often you change it, especially with the
root account.
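The dictionary attack described above, as an added example that is not part of the Red Hat manual. It stands a salted SHA-256 in for the crypt(3) hash formats an actual shadow file uses (an assumption made so the script runs on any Python without the deprecated crypt module); the user store, the word list and the mangling rules are all constructed here. The attack never inverts the hash: it re-hashes each candidate with the victim's salt and compares.

```python
import hashlib
import hmac
import os

# Constructed word list; a real cracker would use a file with millions of entries.
WORDLIST = ["password", "letmein", "dragon", "sunshine", "redhat", "welcome"]


def hash_password(password: str, salt: bytes) -> str:
    """ASSUMPTION: salted SHA-256 stands in for crypt(3)/sha512-crypt.
    The structure of the attack is the same for any one-way hash."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_store(passwords: dict) -> dict:
    """Toy shadow file: user -> (random per-user salt, hash)."""
    store = {}
    for user, pw in passwords.items():
        salt = os.urandom(8)
        store[user] = (salt, hash_password(pw, salt))
    return store


def candidates(word: str):
    """Common mangling rules a cracker applies to every dictionary word."""
    for base in (word, word.capitalize(), word.upper()):
        for suffix in ("", "1", "123", "!"):
            yield base + suffix
    yield word[::-1]


def dictionary_attack(store: dict, wordlist) -> tuple:
    """Return (cracked, attempts): which users fell to the word list,
    and how many hash computations it took in total."""
    cracked = {}
    attempts = 0
    for user, (salt, digest) in store.items():
        for word in wordlist:
            for cand in candidates(word):
                attempts += 1
                # Constant-time compare; only matters against a live service,
                # but it is the right habit whenever hashes are compared.
                if hmac.compare_digest(hash_password(cand, salt), digest):
                    cracked[user] = cand
                    break
            if user in cracked:
                break
    return cracked, attempts


if __name__ == "__main__":
    store = build_store({"alice": "Dragon1", "bob": "x7$Qm!pR9zL", "carol": "redhat123"})
    found, n = dictionary_attack(store, WORDLIST)
    print(f"{n} hashes computed, cracked: {found}")
```

Because the salt is stored next to the hash, it defeats precomputed tables but not this per-user loop; what actually raises the attacker's cost is a password that is not a mangled dictionary word, and a deliberately slow hash function.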
A good password has the following qualities:
Has at least eight characters — The
shorter the password, the generally easier it is to crack.
Is made up of letters, numbers, and symbols —
Mixing numbers and symbols in among the letters (or vice versa) enlarges the set of
possible values for each position, which strengthens the
overall password.
Is unique — Select passwords that are
different than other passwords you may be using. If all of your
passwords are the same or very similar, the magnitude of a security
breach can be much greater.
You should avoid using passwords that
Are dictionary words — By using
dictionary words as passwords, you make it far
easier for your system to be cracked. Don't do it, and don't
override authentication schemes that prevent the use of dictionary
words to allow your users to do it.
Are tied to your personal information —
If you use passwords that are your birthday, spouse's name, or the
make of your car, you are asking for trouble. Think about every
password you use and determine whether or not someone who knows you
could guess it. If there is even a slight chance they could, don't
use that password.
Cannot be typed quickly — If your
password is so complicated that you must hunt-and-peck for the
characters each time you type it, prying eyes could easily watch
your fingers and guess your password. At the very least, practice
typing your password while alone to increase the speed in which you
can type it.
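The qualities listed above, turned into a checker, as an added example that is not part of the Red Hat manual (a real system would enforce these rules through a PAM module such as pam_cracklib; this is a stand-alone illustration). The dictionary, the personal-information tokens and the leetspeak substitution table are constructed here, and the "too similar to a previous password" test is an assumption about what "very similar" should mean.

```python
import re
import string

# Constructed dictionary; a real check uses the system word list.
DICTIONARY = {"password", "dragon", "redhat", "sunshine", "welcome", "letmein"}

# ASSUMPTION: common letter-for-symbol substitutions a user might think hide a word.
LEET = str.maketrans("@4301$57", "aaeolsst")


def normalize(pw: str) -> str:
    """Strip decorative digits/symbols from the ends, lowercase, undo leetspeak,
    so that 'Dragon1!' and 'P@ssw0rd' reduce to the dictionary words they hide."""
    core = pw.strip(string.digits + string.punctuation + " ")
    return core.lower().translate(LEET)


def check_password(pw: str, dictionary=DICTIONARY, personal=(), previous=()) -> list:
    """Return the list of rules the password breaks (empty means acceptable)."""
    problems = []

    # At least eight characters.
    if len(pw) < 8:
        problems.append("short")

    # Letters, numbers and symbols: require three of the four classes.
    classes = sum(bool(re.search(p, pw))
                  for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"))
    if classes < 3:
        problems.append("classes")

    # Not a dictionary word, even when decorated, leet-substituted or reversed.
    core = normalize(pw)
    if core in dictionary or core[::-1] in dictionary:
        problems.append("dictionary")

    # Not built from personal information (names, pets, car makes, ...).
    lowered = pw.lower()
    if any(len(tok) >= 4 and tok.lower() in lowered for tok in personal):
        problems.append("personal")

    # Unique: reject exact reuse and passwords that only differ in decoration.
    if any(lowered == old.lower() or core == normalize(old) for old in previous):
        problems.append("reused")

    return problems


if __name__ == "__main__":
    for candidate in ("dragon", "P@ssw0rd", "Fido2019!", "x7$Qm!pR9zL"):
        print(candidate, "->", check_password(candidate, personal=("Fido",)) or "ok")
```

The normalization step is what makes the dictionary rule bite: without it, "Dragon1!" satisfies the length and character-class rules while still being one mangling step away from a word any cracker will try.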