2.2.2 Strong Passwords

During installation, you are prompted to enter a password for root and, if you choose to have an additional user authenticated locally rather than over the network, a password for that user. The passwords that you enter should be strong, meaning that they should be extremely difficult to deduce by guesswork or by other means, such as automated FTP or SSH logins. By default, the installation process rejects null passwords and warns about weak passwords, but it does not enforce strong passwords. It is your responsibility to ensure that passwords are sufficiently strong.

Some general guidelines for creating a strong password are:

  • Make the password at least eight characters long.

  • Use a mixture of lower and upper case letters, numbers, and other characters.

  • Do not include whole words from English, LEET speak, or any other language or technology, even if you spell the words in reverse order.

  • Do not include personal information such as names, dates, addresses, email addresses, or telephone numbers.

  • Do not use well-known acronyms, abbreviations, or character sequences such as QWERTY.

  • Do not use a password that is the same as or very similar to a password that you used previously on the system.

  • Use a password for root that is different from the password for any other user.
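
The following added example, which is not part of the original guide, shows one way to check a candidate password against the guidelines above before you set it. The function name check_password, the small word and sequence lists, the LEET substitution table, the requirement for all four character classes, and the 0.7 similarity threshold are assumptions made for illustration; a real check would use a full dictionary.

```python
import difflib
import string

# Constructed sample data (assumptions for this example, not from the guide).
WORDS = {"password", "dragon", "linux", "secret", "admin"}
SEQUENCES = ("qwerty", "asdf", "1234", "abcd")
LEET = str.maketrans("013457@$!", "oieastasi")  # undo common LEET substitutions

def check_password(candidate, previous=(), personal=(), other_user_passwords=()):
    """Return a list of guideline violations; an empty list means none found."""
    problems = []
    if len(candidate) < 8:
        problems.append("shorter than eight characters")
    # Assumption: "a mixture" is read as requiring all four ASCII classes.
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if sum(any(c in cls for c in candidate) for cls in classes) < 4:
        problems.append("does not mix lower case, upper case, numbers and other characters")
    # Compare case-insensitively, as typed and with LEET substitutions undone.
    lowered = candidate.lower()
    forms = {lowered, lowered.translate(LEET)}
    forms |= {f[::-1] for f in forms}  # catches words spelled in reverse order
    if any(w in f for w in WORDS for f in forms):
        problems.append("contains a dictionary word")
    if any(p.lower() in f for p in personal if p for f in forms):
        problems.append("contains personal information")
    if any(s in f for s in SEQUENCES for f in forms):
        problems.append("contains a well-known character sequence")
    # Assumption: a similarity ratio of 0.7 or more counts as "very similar".
    for old in previous:
        if difflib.SequenceMatcher(None, lowered, old.lower()).ratio() >= 0.7:
            problems.append("same as or very similar to a previous password")
            break
    # When checking the root password, pass the other users' passwords here.
    if candidate in other_user_passwords:
        problems.append("same as another user's password")
    return problems
```

A password such as P@ssw0rd1 satisfies the length and character-mixture guidelines but is still reported, because undoing the LEET substitutions exposes a dictionary word.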