Passwords

Linux and password strength

One of the options to improve password security is by setting a minimum length. This prevents users from choosing easy passwords. As part of Linux system hardening, you don’t want your passwords to be cracked too quickly by modern password crackers.

Configuration

Let’s have a look at how to configure password security and in particular the length and its strength.

Login settings

The first area where you can set a password length is in /etc/login.defs. The related setting is PASS_MINLEN and already tells us it is about the minimum length of a password. Modern Linux distributions will no longer use this setting and prefer PAM, or pluggable authentication modules.

Password files on Linux are used to store user details, like your unique user ID and name. It defines who you are on the system, your access to files, and the permissions you have. Proper password management, together with file integrity of your password files, is important. It keeps your system and user accounts safe.

Password Files

For most Linux distributions there are two related files available: /etc/passwd and /etc/shadow. The first file defines what local users are available on the system. Fields include an identifier code (your user ID), your username, and an informational field named GECOS. This last field provides (optional) details about you, like contact details. The /etc/shadow file is a cloned file of /etc/passwd, with the exception that it does store the related password of users. It has different file permissions, to avoid others from snooping at your password, or a hashed form of it.