You can specify a password for a user when you add the user. Or, you can force the user to specify a password when the user first logs in.
User passwords must comply with the following syntax:
Password length must at least match the value identified by the PASSLENGTH variable in the /etc/default/passwd file. By default, PASSLENGTH is set to 6.
The first 6 characters of the password must contain at least two alphabetic characters and have at least one numeric or special character.
Although user names are publicly known, passwords must be kept secret and known only to users. Each user account should be assigned a password. The password can be a combination of six to eight letters, numbers, or special characters.
To make your computer systems more secure, users should change their passwords periodically. For a high level of security, you should require users to change their passwords every six weeks. Once every three months is adequate for lower levels of security. System administration logins (such as root and sys) should be changed monthly, or whenever a person who knows the root password leaves the company or is reassigned.
Many breaches of computer security involve guessing a legitimate user's password. You should make sure that users avoid using proper nouns, names, login names, and other passwords that a person might guess just by knowing something about the user.
Good choices for passwords include the following:
Nonsense words made up of the first letters of every word in a phrase. For example, swotrb for SomeWhere Over The RainBow.
Words with numbers or symbols substituted for letters. For example, sn00py for snoopy.
Do not use these choices for passwords:
Your name (spelled forwards, backwards, or jumbled)
Names of family members or pets
Car license numbers
Social Security numbers
Words related to a hobby or interest
Seasonal themes, such as Santa in December
Any word in the dictionary