Many types of attack begin with a stolen password. Passwords can be compromised in many ways, and for some methods, such as finding a password with a sniffer program, all passwords are equally vulnerable. Some methods of attack, though, such as dictionary attacks, are more likely to succeed with some passwords than with others. For this reason, you should educate your users about how to select a good password. A perfect password from a security standpoint is a random selection of letters, numbers, punctuation, and any other characters that the system recognizes. Unfortunately, such passwords are hard for people to remember, so they tend to write them down—a practice that's at least as bad as using a poor password, as crackers may be able to find the paper on which the password is written. A good compromise is to create a password by starting from a memorable base and modifying that base so that it's not likely to appear in a cracker's dictionary.
Warning Be extra careful when constructing the root password. This password is unusually sensitive, so you should be sure it's not guessable, and you should protect it from being discovered. For instance, you should never type the root password over an unencrypted protocol, such as Telnet or FTP.
Was this article helpful?