Regularly updating your computers with security patches and installing security programs to protect yourself are good habits to keep when using Ubuntu. To make sure your information and your computer are safe and secure, you must take these basic precautions.
One area that most people neglect when protecting their systems is creating a strong password policy. Keeping a strong password policy is as important as updating your system and enabling strong firewall. Because what good is security if your password isn’t secured?
This tutorial is going to show you some basic commands that will help you configure a strong password policy in Ubuntu.
Ubuntu default account management tool doesn’t let configure strong account policy when creating or managing accounts. Policies like setting password and account expiration, minimum and maximum days between password change and warning of days before passwords expire can’t be configured with the user and group management tool.
To configure these settings, one must use the chage command and this brief tutorial is going to show you how.
Before starting, run the chage command with the l switch to see the current password policy information about your account.
chage -l <username>
The command and switch above show the default password policy for Ubuntu user account. Password will never expire, account will never be inactive and the user will never be asked to change it. This can be a security risk.
The chage command helps you set these policies. For more information about the chage command, run this below.
You’ll see what the command can be used for and what switches to use with it. Read and and take note of it.
For example to set the account expiration date, use the E switch. Like this below.
sudo chage -E 01/31/2013 <username>
To force the user to change his/her password every 90 days, run the commands below
sudo chage -M 90 <username>
Replace <username> with your account name.
Now you see how it works. Everything you need to know and how to use it can be found using the man chage command.
A good password policy is the one that has the commands below
sudo chage -m 5 -M 90 -I 30 -I 30 -W 14 <username>
The policy commands above tells Ubuntu to (-M) force the user to change his/her password every 90 days, (-m ), wait 5 days after changing your password before you can change it again, (-I ) disable the account if it hasn’t been used in the last 30 days, and (-W ) provide a 14 days warnings to the user to change his/her password.
That’s it. I hope you’ll begin using password policy in Ubuntu to help protect your systems. These policy can be applied individual account after creation.