7.1 General Policy

It is imperative for users to select a password that is not easy to guess and that certainly is not a default password. I recommend giving each new user a different initial password that could be a simple phrase and requiring them to change it immediately. I have found that picking a phrase from current events can bring someone a smile, and yet it will not be guessable a few weeks later when it is no longer current. I then check an hour later to make sure that the user has changed the password by trying to log in as the user with that initial password. This prevents a disgruntled (or fired) employee from trying out the same initial password on each new account. I recommend carefully reading the passwd(1) man page, as it has lots of good advice on password selection, and incorporating it into your policy. Some items to include follow.
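The follow-up check described above can also be done without attempting a login, by reading the password-age field that /etc/shadow keeps for each account. The script below is an added example, not code from the book; it assumes the administrator set each initial password and then ran `chage -d 0` on the account (which records the last-change day as 0 and forces a change at next login), and that the administrator keeps a list of which day each initial password was issued. The shadow lines and the issue days are constructed sample data.

```python
"""Report new accounts whose issued initial password is still in place.

Added example (not from the book). It parses /etc/shadow-format lines and
compares the third field (days since 1970-01-01 of the last password change)
with the day the administrator issued the initial password. An account that
still shows 0 (the value `chage -d 0` writes) has not had its password changed
since the forced-expiry was set; an account whose last-change day is not after
its issue day has not changed it either.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: a few /etc/shadow lines (hashes are placeholders)
# and the day each user's initial password was issued. Day 19690 is about
# 2023-11-29; alice changed hers on day 19700, the others have not.
SAMPLE_SHADOW = """\
root:$6$c0nstructed$r00th4sh:19000:0:99999:7:::
alice:$6$c0nstructed$al1ceh4sh:19700:0:99999:7:::
bob:$6$c0nstructed$b0bh4sh:0:0:99999:7:::
carol:$6$c0nstructed$car0lh4sh:19690:0:99999:7:::
dave:!:19690:0:99999:7:::
"""
ISSUED = {"alice": 19690, "bob": 19690, "carol": 19690, "dave": 19690}


@dataclass
class ShadowEntry:
    user: str
    pwhash: str
    lastchg: Optional[int]  # days since the epoch; None when the field is empty


def parse_shadow(text: str) -> list[ShadowEntry]:
    """Parse shadow(5) lines into entries, keeping only the fields we use."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 9:
            raise ValueError(f"malformed shadow line: {line!r}")
        lastchg = int(fields[2]) if fields[2] else None
        entries.append(ShadowEntry(fields[0], fields[1], lastchg))
    return entries


def unchanged_initial_passwords(entries: list[ShadowEntry],
                                issued: dict[str, int]) -> dict[str, str]:
    """Return {user: reason} for issued accounts that still need a change.

    Accounts not in `issued` are not new and are ignored; locked accounts
    (hash starting with '!' or '*') cannot log in, so they are skipped too.
    """
    findings = {}
    for e in entries:
        if e.user not in issued:
            continue
        if e.pwhash.startswith(("!", "*")):
            continue  # locked: the initial password cannot be used
        if e.lastchg is None:
            findings[e.user] = "no password-age record"
        elif e.lastchg == 0:
            findings[e.user] = "forced change still pending"
        elif e.lastchg <= issued[e.user]:
            findings[e.user] = "last change not after issue day"
    return findings


if __name__ == "__main__":
    for user, reason in unchanged_initial_passwords(
            parse_shadow(SAMPLE_SHADOW), ISSUED).items():
        print(f"{user}: {reason}")
```

Because shadow records only the day of the last change, the "last change not after issue day" test cannot tell a same-day change from no change at all; that is why the example assumes `chage -d 0` was used, since a successful change then replaces the 0 with the current day and is visible within the hour. On a real system the script would read /etc/shadow, which requires root.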
"Avoiding Weak and Default Passwords" on page 42 goes into more detail on passwords, and is must reading.