Enforce Strong Password Policies

Weak passwords are one of the easiest ways for attackers to gain unauthorized access to your system. If users create simple or easily guessed passwords, they are vulnerable to brute-force attacks and credential leaks.

Enforcing strong password policies ensures that all user passwords meet minimum security standards, making it significantly harder for attackers to compromise accounts.

How to Strengthen Password Policies

1. Open the password policy configuration file:

   sudo nano /etc/security/pwquality.conf

2. Set minimum length and complexity requirements:
   Add or modify the following lines:

   minlen = 12
   minclass = 3

   • minlen = 12 → Requires passwords to be at least 12 characters long.

   • minclass = 3 → Ensures passwords contain at least three different character types (uppercase, lowercase, numbers, symbols).

3. Save and close the file.

Additional Password Security Measures:

✅ Enforce password history to prevent users from reusing old passwords:

• Edit /etc/pam.d/common-password (Ubuntu/Debian):

  sudo nano /etc/pam.d/common-password

  Add:

  password requisite pam_pwhistory.so remember=5

  (Prevents users from reusing the last 5 passwords.)

✅ Set password expiration to require periodic updates:

• Check and set expiration policy for a user:

  sudo chage -l username   # View current settings
  sudo chage -M 90 username   # Require password change every 90 days

✅ Use fail2ban to block repeated failed login attempts and protect against brute-force attacks.

By enforcing strong password policies, limiting password reuse, and requiring periodic changes, you reduce the risk of weak passwords being exploited, making your Linux server much more secure.