There are two kinds of obvious passwords:
1. Dictionary words or common acronyms
2. Names or phrases that are in common use within your organisation
Fortunately there are some simple ways to prevent users making poor choices:
1. Enforce password history. This prevents a password from being re-used.
# chsec -f /etc/security/user -s default -a <setting>=<restriction>
histsize = 4
histexpire = 26
minage = 1
maxage = 52
maxexpired = 8
2. Set password pattern restrictions e.g. a password must have at least one capital letter or number
# chsec -f /etc/security/user -s default -a <setting>=<restriction>
logintimes =
pwdwarntime = 5
loginretries = 5
minalpha = 2
minother = 2
minlen = 8
mindiff = 4
maxrepeats = 2
3. Use a custom dictionary to prevent the use of words that are in common use in your organisation or are so common as to be easily guessed:
Create a text file or use the standard "/usr/share/dict/words" file and create a list of banned words or terms, e.g.
Vodafone01
1106HHAmsterdam
Discount!
Set the AIX default password restrictions to check these words when a user changes their password:
# chsec -f /etc/security/user -s default -a dictionlist=/usr/share/dict/words
Once the restrictions are in place, users are prevented from choosing a word from this list:
$ passwd
Changing password for "test"
test's Old password:
test's New password: (the password entered is “test”)
3004-335 Passwords must not match words in the dictionary.
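As an added example (not from the original post and not AIX's own checker), the following Python function mirrors the documented meaning of the restrictions set above, so a candidate password can be vetted against the same rules before passwd is run. It assumes the chsec values from this page and uses the post's three sample banned words as a constructed stand-in for the dictionlist file.

```python
# Local approximation of the AIX password restrictions used on this page:
# minalpha, minother, minlen, mindiff, maxrepeats, histsize and dictionlist.
# Not the AIX implementation; each check follows the attribute's documented meaning.

# Values exactly as set with chsec on this page
POLICY = {"minalpha": 2, "minother": 2, "minlen": 8, "mindiff": 4,
          "maxrepeats": 2, "histsize": 4}

# Constructed stand-in for the dictionlist file (the page's sample banned words)
DICTIONARY = {"Vodafone01", "1106HHAmsterdam", "Discount!"}


def check_password(new, old="", history=(), policy=POLICY, dictionary=DICTIONARY):
    """Return the list of violated restrictions; an empty list means acceptable."""
    problems = []
    alpha = sum(c.isalpha() for c in new)   # alphabetic characters
    other = len(new) - alpha                # everything else (digits, symbols)
    if alpha < policy["minalpha"]:
        problems.append("minalpha")
    if other < policy["minother"]:
        problems.append("minother")
    # AIX enforces the larger of minlen and minalpha + minother
    if len(new) < max(policy["minlen"], policy["minalpha"] + policy["minother"]):
        problems.append("minlen")
    # mindiff: characters in the new password that do not occur in the old one
    if old and sum(c not in old for c in new) < policy["mindiff"]:
        problems.append("mindiff")
    # maxrepeats: no single character may appear more than this many times
    if any(new.count(c) > policy["maxrepeats"] for c in set(new)):
        problems.append("maxrepeats")
    # histsize: the last N passwords may not be reused (history is oldest first)
    if new in list(history)[-policy["histsize"]:]:
        problems.append("histsize")
    # dictionlist: "3004-335 Passwords must not match words in the dictionary."
    if new in dictionary:
        problems.append("dictionlist")
    return problems


if __name__ == "__main__":
    # "test", the password rejected in the passwd session above, fails length and
    # character-class rules; "Vodafone01" fails only the dictionary check.
    for candidate in ("test", "Vodafone01", "Tr4ck-R4in"):
        print(candidate, "->", check_password(candidate, old="test") or "ok")
```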