4.6 Summary

In this chapter we discussed how Unix identifies users and authenticates their identity at login. We presented some details on how passwords are represented and used. We'll present more detailed technical information in later chapters on how to protect access to your password files and passwords, but the basic and most important advice for protecting your system can be summarized as follows:

  • Use one-time passwords if possible.


  • Ensure that every account has a password.

  • Ensure that every user chooses a strong password.

  • Educate users not to tell their passwords to other users, type them in at an unsecure terminal, or transmit them in cleartext over a network.

Remember: even if the world's greatest computer hacker should happen to dial up your machine, if that person is stuck at the login: prompt, the only thing that she can do is guess usernames and passwords, hoping to hit one combination that is correct. Unless the criminal has specifically targeted your computer out of revenge or because of special information that's on your system, the perpetrator is likely to give up and try to break into another machine.

Making sure that users pick good passwords remains one of the most important parts of running a secure computer system.

    Part VI: Appendixes