Monday, January 30, 2017

[Quick Tips: Password Complexities]: How To Check The Password Complexity In Linux

How To Check The Password Complexity In Linux

Now, how do we know if the generated password is strong? Good question, isn’t it? Indeed! This brief guide has the answer for you. Before going further, here is my suggestion to all those who wants to keep your system safe.
  • Never ever use the same password for different Email accounts, ssh/ftp/sftp logins. If a hacker managed to crack your password, he literally have access to all accounts. So, generate and use different unique password to each account.
  • A good password should be combination of letters, numbers, special characters.
  • Make sure your password has at least 12 or more characters. Check our guide how to force users to use strong password.
  • Don’t save your passwords online. Use good password manager or memorize them.
  • Consider two factor authentication if possible.
  • More importantly, Don’t use valid answers for security questions, eventually with enough data breaches, hackers will have all the answers. The common security questions are father’s maiden name, school name, favorite pet’s name, last name of first girlfriend/boyfriend, etc. Since much of the time these are stored in plain text on websites someone can gain access to many of your accounts by knowing these answers. Instead, put in mixed letters/numbers as answers and use a secure password manager to keep track of your answers. I came across this tip on Reddit. So I thought sharing it here would be helpful to someone.
Now, let us get into the topic. In this short tutorial, we will see how to check the password complexity in Linux from commandline.

Check The Password Complexity In Linux

There are plenty of tools and websites are available to test the password complexity. But, what we are going to discuss here is the easiest and effective method among them.

Install cracklib package if it is not installed already.

On Arch Linux and its derivatives, run:
sudo pacman -S cracklib

On RHEL, Fedora, CentOS:
sudo yum install cracklib
Or,
sudo dnf install cracklib

On Debian, Ubuntu, Linux Mint:
sudo apt-get install libcrack2

Now, It is time for some password complexity tests.

Let us start with a simple password.
echo "Welcome1" | cracklib-check

Sample output:
Welcome1: it is based on a dictionary word.

As you see in the above output, the given password is based on dictionary word, which is not recommended.

Let us see what will be the result if give a strong password.
echo "wXCHXlxuhrFrFMQLqik=9" | cracklib-check

Sample output:
wXCHXlxuhrFrFMQLqik=9: OK

Here is another one.
echo "sheew3aeReidir&*=" | cracklib-check

Sample output:
sheew3aeReidir&*=: OK

Great! These password are strong enough to use. Likewise, You can check the complexity of different passwords as described above.

No comments: