🔐How to Create Rules That Force Users to Choose Strong Passwords

Introduction

cracklib is a library that checks whether a password is easy to crack. It rejects passwords built from a simple character pattern or a dictionary word, and it also generates candidate words from the username and GECOS field (entries in /etc/passwd) and checks the password against them. Its goal is to stop users from choosing passwords that are easy to guess. cracklib is not a replacement for a password-changing program; it is used alongside an existing one. On Debian that happens through the PAM module pam_cracklib, which passwd calls whenever a password is changed. Install it if you want to ensure that passwords are at least minimally secure.


Configuration

Debian 10 Server

Install Package

apt-get install libpam-cracklib

Run this as root (or with sudo). The package pulls in cracklib-runtime, which provides the dictionary and the cracklib-check tool, and on Debian its post-install step runs pam-auth-update, which adds a default pam_cracklib line to /etc/pam.d/common-password. That default line is what gets tightened below.

Command to view a user's password ageing information (last change, expiry date, warning days)

*example: chage -l (user)

chage -l rizwan2

Running chage without options (chage rizwan2) does not list anything; it prompts interactively to change those ageing fields, so use -l when you only want to inspect them.

Configuration Cracklib

System-Authentication (Red Hat family only)

/etc/pam.d/system-auth is the password stack on Red Hat, CentOS and Fedora; it does not exist on Debian, where the equivalent file is /etc/pam.d/common-password (next section). On a Red Hat family host the line looks like this:

nano /etc/pam.d/system-auth

password requisite pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1

(Older Red Hat examples write the module as /lib/security/$ISA/pam_cracklib.so; the bare module name is resolved by PAM on current systems. Whichever form is used, the line must begin with the type and control fields, password requisite, or PAM will not parse it.)

Strong Password

Next we configure libpam-cracklib so that a user cannot pick an easy password when changing it. This improves security because the password becomes much harder for someone else to guess. On Debian the line to edit is in /etc/pam.d/common-password. Note that this block of the file is managed by pam-auth-update; if it is re-run later (for example when another PAM package is installed) it can overwrite a manual edit, so re-check the line afterwards.

nano /etc/pam.d/common-password

*existing line (inserted by pam-auth-update when the package was installed):
password requisite pam_cracklib.so retry=3 minlen=8 difok=3

*change it to:
password requisite pam_cracklib.so retry=3 minlen=9 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 difok=3

What the options mean:

retry=3: the user gets three attempts before passwd gives up.
minlen=9: the minimum length. With the four credits set to -1 this is a hard floor of nine characters.
dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1: a negative value is a requirement for at least that many digits, upper-case letters, lower-case letters and other (punctuation) characters. A positive value, which is the default of 1 when the option is absent, is instead a credit: one character of that class counts as an extra character towards minlen, which is why the existing line accepts passwords shorter than its minlen suggests.
difok=3: at least three characters must differ from the previous password.

Add enforce_for_root to the line if the rules should also apply when root sets another user's password. Without it pam_cracklib only prints the BAD PASSWORD warning for root and accepts the password anyway.
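To see what these options do before touching a live system, here is an added Python model of the minlen/credit and difok arithmetic described in pam_cracklib(8). It is not code from this page or from Linux-PAM. It parses the two common-password lines above so the default and hardened policies can be compared against candidate passwords offline. Assumptions: the character classes, the credit sign rule and the Levenshtein-based difok comparison follow the manual page; cracklib's dictionary check and the palindrome/repeat checks are not modelled, so a password this model accepts can still be rejected on the real system. The candidate passwords are constructed samples.

```python
"""Model of pam_cracklib's minlen/credit and difok rules.

Added example, NOT code from the page or from Linux-PAM.  It reimplements the
rules documented in pam_cracklib(8) so policy lines can be compared offline.
The dictionary check and palindrome/repeat tests are not modelled.
"""

from dataclasses import dataclass, fields
from typing import List


@dataclass(frozen=True)
class Policy:
    # Defaults are the values pam_cracklib uses when an option is absent.
    minlen: int = 9
    dcredit: int = 1
    ucredit: int = 1
    lcredit: int = 1
    ocredit: int = 1
    difok: int = 5

    @classmethod
    def from_pam_line(cls, line: str) -> "Policy":
        """Parse key=value options from a /etc/pam.d line such as
        'password requisite pam_cracklib.so retry=3 minlen=9 dcredit=-1'.
        Options the model does not implement (retry, ...) are ignored."""
        known = {f.name for f in fields(cls)}
        kwargs = {}
        for tok in line.split():
            key, sep, val = tok.partition("=")
            if sep and key in known:
                kwargs[key] = int(val)
        return cls(**kwargs)


CLASS_NAMES = {"d": "digit", "u": "uppercase", "l": "lowercase", "o": "other"}


def count_classes(pw: str) -> dict:
    """Count characters per class (digit, upper, lower, everything else)."""
    counts = dict.fromkeys(CLASS_NAMES, 0)
    for ch in pw:
        if ch.isdigit():
            counts["d"] += 1
        elif ch.isupper():
            counts["u"] += 1
        elif ch.islower():
            counts["l"] += 1
        else:
            counts["o"] += 1
    return counts


def length_and_class_reasons(pw: str, p: Policy) -> List[str]:
    """The minlen/credit rule.

    A positive credit N lets up to N characters of that class count as extra
    length, so the effective minimum shrinks.  A negative credit -N is a hard
    requirement for at least N characters of that class with no discount.
    """
    reasons = []
    counts = count_classes(pw)
    needed = p.minlen
    for cls, credit in (("d", p.dcredit), ("u", p.ucredit),
                        ("l", p.lcredit), ("o", p.ocredit)):
        if credit >= 0:
            needed -= min(counts[cls], credit)
        elif counts[cls] < -credit:
            reasons.append(f"needs at least {-credit} {CLASS_NAMES[cls]} character(s)")
    if len(pw) < needed:
        reasons.append(f"too short: {len(pw)} < {needed} required after credits")
    return reasons


def levenshtein(a: str, b: str) -> int:
    """Edit distance, which pam_cracklib uses for the difok comparison."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def similarity_reasons(new: str, old: str, p: Policy) -> List[str]:
    """difok rule: the (lower-cased) new password must differ from the old one
    by at least difok edits, unless it is at least twice as long."""
    if levenshtein(old.lower(), new.lower()) >= p.difok or len(new) >= 2 * len(old):
        return []
    return [f"too similar to the old password (fewer than {p.difok} changes)"]


def check(new: str, p: Policy, old: str = "") -> List[str]:
    """Return the list of rule violations; empty means the modelled rules pass."""
    reasons = length_and_class_reasons(new, p)
    if old:
        reasons += similarity_reasons(new, old, p)
    return reasons


# The two lines quoted on this page.
DEFAULT_LINE = "password requisite pam_cracklib.so retry=3 minlen=8 difok=3"
HARDENED_LINE = ("password requisite pam_cracklib.so retry=3 minlen=9 "
                 "dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 difok=3")

if __name__ == "__main__":
    policies = (("default", Policy.from_pam_line(DEFAULT_LINE)),
                ("hardened", Policy.from_pam_line(HARDENED_LINE)))
    for pw in ("rizwan2", "Ab1!xy", "R1zw4n2@123"):   # constructed samples
        for name, pol in policies:
            print(f"{pw!r:16} {name:9}", check(pw, pol) or "ok")
```

Run it and note that under the default line the six-character Ab1!xy passes the length rule, because each positive credit knocks one character off minlen, while the hardened line makes nine characters a hard floor and turns every class into a requirement.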

Configuration is complete

Check the Configuration Results

Now check whether the configuration took effect by trying to change a user's password to a weak one. If the weak password is rejected, the policy is active; then set a password that satisfies the rules. Run the test as the user themselves (for example su - rizwan2, then passwd), not as root: unless enforce_for_root is on the line, pam_cracklib only warns when root sets another user's password and accepts it anyway, so a root-driven test would appear to succeed even if the policy is working.

*example (logged in as the user rizwan2): passwd

passwd
New password : rizwan2
(rejected: only 7 characters, no upper-case or special character)

New password : R1zw4n2@123
(accepted: 11 characters with a digit, an upper-case letter, a lower-case letter and a special character)
