Password Security

From Spry Wiki


Password security is an important concern which affects every aspect of Linux server administration.

Conventional wisdom suggests that the best password is one which can easily be remembered and does not need to be recorded. Unfortunately, the present reality of administering multiple servers or applications with unique passwords and creating passwords which may not easily be defeated by a dictionary attack has made easily-memorable passwords a thing of the past.

All passwords used on production servers should meet the following minimum complexity requirements:

  • Distinct from any name or word which may be found in a dictionary
  • Eight characters in length or longer
  • Include both lowercase and uppercase letters
  • Include at least one number
  • Include at least one symbol
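The five requirements above can be checked mechanically before a password is set. The following is an added example, not part of the original wiki page; the function names, the small word list, and the rule that a dictionary word with digits or symbols attached to its ends still counts as a dictionary word are assumptions of this example.

```python
import string

# Constructed sample word list for the demo. On a real server, load a full
# list instead (e.g. /usr/share/dict/words; that path is an assumption).
SAMPLE_WORDS = {"password", "dragon", "sunshine", "michael", "welcome"}
MIN_LENGTH = 8

TOO_SHORT = "shorter than 8 characters"
NO_MIXED_CASE = "needs both lowercase and uppercase letters"
NO_NUMBER = "needs at least one number"
NO_SYMBOL = "needs at least one symbol"
DICTIONARY = "is a name or dictionary word"


def load_words(path):
    """Read one word per line into a lowercase set."""
    with open(path, encoding="utf-8", errors="ignore") as fh:
        return {line.strip().lower() for line in fh if line.strip()}


def check_password(password, words=SAMPLE_WORDS):
    """Return the requirements the password fails (empty list = acceptable)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(TOO_SHORT)
    if not (any(c.islower() for c in password)
            and any(c.isupper() for c in password)):
        failures.append(NO_MIXED_CASE)
    if not any(c.isdigit() for c in password):
        failures.append(NO_NUMBER)
    if not any(c in string.punctuation for c in password):
        failures.append(NO_SYMBOL)
    # Stricter than the list above (an assumption of this example): a word
    # with digits or symbols tacked onto either end still counts as that word.
    core = password.strip(string.digits + string.punctuation).lower()
    if password.lower() in words or core in words:
        failures.append(DICTIONARY)
    return failures


if __name__ == "__main__":
    for candidate in ("dragon", "Password1!", "gT7#qLw9!x"):  # constructed
        problems = check_password(candidate)
        print(candidate, "->", "OK" if not problems else "; ".join(problems))
```

Note that "Password1!" satisfies the length, case, number and symbol rules yet is still rejected, because it is only a dictionary word with characters appended.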

To ensure that you do not forget your password, you should record your root password for future access in a secure location. The locations and formats listed below are useful for immediate access, and provided you record only your root password without an identifying IP address or domain, an attacker would not be able to make use of your recorded password without further information.

  • Write your root password in your personal address book or a piece of paper kept in your wallet
  • Store your root password in an encrypted file on a USB jumpdrive

If your password is lost, you will have to submit a support ticket to request a reset.

For those on dedicated boxes, losing your root password will create many headaches for you and for the Spry technicians, who must temporarily take your server offline to reset the password.
