Strong passwords make for a more secure environment. Even the most carefully hardened system will be compromised if its weakest link is an easy-to-guess administrator password. Following the rules in this appendix will help make your system more secure.
Brute-Force Attacks and Dictionary-Based Attacks
Passwords are susceptible to brute-force and dictionary attacks. In a brute-force attack the attacker tries every possible password in turn. This can be extremely time-consuming, but given enough time it is certain to succeed, because the real password is somewhere in the set of candidates. Dictionary attacks are more targeted. Rather than trying every possible password, the attacker tries words from a dictionary (and common variations of them, such as a word with a digit or two appended), betting that the user has chosen a poor password based on a common word.
The recommendations in this appendix will substantially increase the time required for a brute-force attack to succeed, and will make dictionary attacks ineffective, because a password that is not built from a common word is never in the attacker's list. If you follow these recommendations, the chances are good that you will have changed your password many times over by the time the attacker determines what the password is (or rather, was)!
We recommend that you follow these rules regarding passwords:
Table B-1. Classes of characters for use in passwords.
Class | Description | Example |
---|---|---|
Uppercase letters | Uppercase Roman letters | A-Z |
Lowercase letters | Lowercase Roman letters | a-z |
Numbers | Arabic numerals | 0-9 |
Symbols | All other printable characters, i.e. punctuation | !@#$%^&*()_+=-<>,.?/`~'";:[]{}\| |
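The following script is an added example, not part of the original appendix, that makes the reasoning above concrete: it computes the brute-force search space a password presents from the Table B-1 character classes it uses, converts that into a worst-case cracking time at an assumed guess rate, and checks whether a dictionary attack with a few common mangling rules (case changes, trailing digits or symbols, "leet" substitutions) would find it. The word list and the guess rate of 10^10 guesses per second are constructed for illustration; Python's `string.punctuation` (the 32 printable ASCII punctuation characters) stands in for the "Symbols" class, and a real system may accept a slightly different set.

```python
"""Added example (not from the appendix): estimate the brute-force search
space of a password from the character classes it uses, and check whether
it is a dictionary word or a common mangling of one.

The guess rate and the word list below are constructed for illustration.
"""
import string

# The four classes of Table B-1. For "Symbols" we use string.punctuation
# (the 32 printable ASCII punctuation characters); the exact symbol set
# accepted by a given system may differ.
CLASSES = {
    "upper": frozenset(string.ascii_uppercase),   # 26 characters
    "lower": frozenset(string.ascii_lowercase),   # 26 characters
    "digit": frozenset(string.digits),            # 10 characters
    "symbol": frozenset(string.punctuation),      # 32 characters
}

# Constructed mini-dictionary; a real attacker uses lists of millions of words.
WORDLIST = frozenset({"password", "admin", "letmein", "welcome", "dragon", "monkey"})

# Common "leet" substitutions, undone so that P@ssw0rd is treated as password.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def classes_used(password):
    """Names of the Table B-1 classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def keyspace(password):
    """Number of candidates an attacker must consider if they know the
    length and which character classes were used (the usual brute-force
    model): alphabet size raised to the password length."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return alphabet ** len(password)


def bruteforce_seconds(password, guesses_per_second):
    """Worst-case time to exhaust the keyspace at the given guess rate."""
    return keyspace(password) / guesses_per_second


def dictionary_hit(password):
    """True if the password is a word-list entry, or one with its case
    changed, trailing digits/symbols appended, or leet substitutions made.
    Deliberately simple: real cracking tools apply far more mangling rules."""
    core = password.rstrip(string.digits + string.punctuation)
    candidates = {password.lower(), core.lower(), core.translate(LEET).lower()}
    return not candidates.isdisjoint(WORDLIST)


def assess(password, guesses_per_second=1e10):
    """Summarise a password: the classes it uses, its keyspace, the worst-case
    brute-force time in years at the (assumed) guess rate, and whether a
    dictionary attack would find it regardless of keyspace."""
    seconds = bruteforce_seconds(password, guesses_per_second)
    return {
        "classes": sorted(classes_used(password)),
        "keyspace": keyspace(password),
        "bruteforce_years": seconds / (365 * 24 * 3600),
        "dictionary_hit": dictionary_hit(password),
    }


if __name__ == "__main__":
    # Assumed rate: 1e10 guesses/second, roughly a fast offline attack against
    # a fast unsalted hash; online guessing is many orders of magnitude slower.
    for pw in ["dragon", "P@ssw0rd123!", "abcdefgh", "x7#Qm2!pLz", "x7#Qm2!pLzR4v^9"]:
        print(pw, assess(pw))
```

Two things the output makes visible that the prose only states: `P@ssw0rd123!` draws on all four classes and has a large keyspace, yet a dictionary attack finds it immediately, so mixing classes is no defence when the base is a common word; and `abcdefgh` (lowercase only, eight characters) falls to brute force in seconds at the assumed rate, while a ten-character password using all four classes takes over a century at the same rate.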