In this chapter we discussed how Unix identifies users and authenticates their identity at login. We presented some details on how passwords are represented and used. We’ll present more detailed technical information in later chapters on how to protect access to your password files and passwords, but the basic and most important advice for protecting your system can be summarized as follows:
Use one-time passwords if possible.
Otherwise:
Ensure that every account has a password.
Ensure that every user chooses a strong password.
Educate users not to tell their passwords to other users, type them in at an unsecure terminal, or transmit them in cleartext over a network.
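As an added example, not code from the book, the following POSIX shell script shows how an administrator can check the first two pieces of advice above against a shadow-format password file: it lists accounts whose password field is empty (anyone can log in as them without a password), accounts that still carry a legacy 13-character DES crypt hash, and accounts that are locked, and it applies a simple strength test to candidate passwords. The sample file contents, the hash values and the strength thresholds are constructed assumptions for illustration, not real system data or the book's own policy.

```shell
#!/bin/sh
# Added example (not from the book): audit a file in /etc/shadow layout
# (name:hash:lastchange:min:max:warn:inactive:expire:) for missing and
# weak password entries. Everything below is constructed sample data.

SAMPLE_SHADOW="$(mktemp)"
trap 'rm -f "$SAMPLE_SHADOW"' EXIT
cat > "$SAMPLE_SHADOW" <<'EOF'
root:$6$saltsalt$Q3xk7Vp2M9dLr8sYtWz1Bc4Nf6Hj0Kl5Gq2Rm8Sv1Tx3Uy7Wa9Zb0Cd2Ef4Gh6Ij8Kl:19000:0:99999:7:::
alice:$6$othersalt$Pm2Nq4Rs6Tu8Vw0Xy1Za3Bc5De7Fg9Hi1Jk3Lm5No7Pq9Rs1Tu3Vw5Xy7Za9Bc1De:19000:0:99999:7:::
guest::19000:0:99999:7:::
bob:xyAbCdEfGhIjK:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
carol:!$6$lockedsalt$Ab1Cd2Ef3Gh4Ij5Kl6Mn7Op8Qr9St0Uv1Wx2Yz3Ab4Cd5Ef6Gh7Ij8Kl9Mn0Op1:19000:0:99999:7:::
EOF

# Usernames whose password field is empty: login needs no password at all.
passwordless_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Usernames whose hash is a legacy 13-character DES crypt string (no $id$
# prefix): only 8 password characters are significant and guessing is fast.
legacy_des_accounts() {
    awk -F: '$2 != "" && $2 !~ /^[!*]/ && $2 !~ /^\$/ && length($2) == 13 { print $1 }' "$1"
}

# Usernames whose entry is locked or has no usable password ("*" or a
# "!" prefix); these cannot be logged into with a password.
locked_accounts() {
    awk -F: '$2 ~ /^[!*]/ { print $1 }' "$1"
}

# Minimal strength test for a candidate password. The policy is an assumed
# one for this example: at least 12 characters and at least three of the
# four classes lower, upper, digit, other. Returns 0 if strong, 1 if not.
is_strong_password() {
    pw="$1"
    [ "${#pw}" -ge 12 ] || return 1
    classes=0
    printf '%s' "$pw" | grep -q '[a-z]' && classes=$((classes + 1))
    printf '%s' "$pw" | grep -q '[A-Z]' && classes=$((classes + 1))
    printf '%s' "$pw" | grep -q '[0-9]' && classes=$((classes + 1))
    printf '%s' "$pw" | grep -q '[^A-Za-z0-9]' && classes=$((classes + 1))
    [ "$classes" -ge 3 ]
}

echo "accounts with an empty password field:"
passwordless_accounts "$SAMPLE_SHADOW"
echo "accounts with a legacy DES hash:"
legacy_des_accounts "$SAMPLE_SHADOW"
echo "locked accounts:"
locked_accounts "$SAMPLE_SHADOW"
for candidate in 'Tr0ub4dor&3xyz' 'passwordpassword'; do
    if is_strong_password "$candidate"; then
        echo "strong:  $candidate"
    else
        echo "weak:    $candidate"
    fi
done
```

To run the same audit on a live system, point the functions at /etc/shadow as root; the account-listing functions only read the file and change nothing. The strength test is deliberately simple and should be replaced with whatever password-quality check your system provides when enforcing a real policy.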
Remember: even if the world’s greatest computer hacker should happen to dial up your machine, if that person is stuck at the login: prompt, the only thing that she can do is guess usernames and passwords, hoping to hit one combination that is correct. Unless the criminal has specifically targeted your computer out of revenge or because of special information that’s on your system, the perpetrator is likely to give up and try to break into another machine.
Making sure that users pick good passwords remains one of the most important parts of running a secure computer system.
From Practical UNIX and Internet Security, 3rd Edition (O’Reilly).