We already posted a brief guide on how to generate a strong password in Linux a while ago. Now, we are going to find out whether the generated password is really strong. In this short tutorial, we will see how to check password complexity in Linux from the command line.
Before going further, here are some useful tips for all those who want to keep their systems safe.
- Never use the same password for different email accounts or ssh/ftp/sftp logins. If a hacker manages to crack your password, s/he literally has access to all of your accounts. So, generate and use a different, unique password for each account.
- A good password should be a combination of letters, numbers, and special characters.
- Make sure your password has at least 12 characters. Check our guide on how to force users to use strong passwords.
- Don't save your passwords online. Use a good password manager or memorize them.
- Consider two-factor authentication if possible.
- More importantly, don't use valid answers for security questions. Eventually, with enough data breaches, hackers will have all the answers. The common security questions are father's maiden name, school name, favorite pet's name, last name of first girlfriend/boyfriend, etc. Since much of the time these are stored in plain text on websites, someone can gain access to many of your accounts by knowing these answers. Instead, put in mixed letters/numbers as answers and use a secure password manager to keep track of your answers. I came across this tip on Reddit, so I thought sharing it here would be helpful to someone.
Check the Password Complexity in Linux
There are plenty of tools and websites available to test password complexity. However, what we are going to discuss here is the easiest and most effective method among them.
Install the cracklib package if it is not installed already.
On Arch Linux and its derivatives, run:
$ sudo pacman -S cracklib
On RHEL, Fedora, CentOS:
$ sudo yum install cracklib
Or,
$ sudo dnf install cracklib
On Debian, Ubuntu, Linux Mint:
$ sudo apt-get install libcrack2
Now, it is time for some password complexity tests.
Let us start with a simple password.
$ echo "Welcome1" | cracklib-check
Sample output:
Welcome1: it is based on a dictionary word.
As you can see in the above output, the given password is based on a dictionary word, which is not recommended.
Let us see what the result will be if we give a strong password.
$ echo "wXCHXlxuhrFrFMQLqik=9" | cracklib-check
Sample output:
wXCHXlxuhrFrFMQLqik=9: OK
Here is another one.
$ echo "sheew3aeReidir&*=" | cracklib-check
Sample output:
sheew3aeReidir&*=: OK
Great! These passwords are strong enough to use. Likewise, you can check the complexity of different passwords as described above.
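The commands above put the candidate password on the command line, where an interactive shell typically records it in its history file. The following added example (not part of the original guide) prompts for the password with terminal echo disabled and feeds it to cracklib-check on stdin. The function names, the CRACKLIB_CHECK override variable and the check.sh file name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names and the
# CRACKLIB_CHECK override variable are assumptions made for illustration.
CRACKLIB_CHECK=${CRACKLIB_CHECK:-cracklib-check}

# cracklib-check prints "<password>: <verdict>". Strip the known password as
# a literal prefix instead of splitting on ":" because a password may itself
# contain ": " or glob characters such as "*".
verdict_of() {    # $1 = password, $2 = line printed by the checker
    printf '%s\n' "${2#"$1: "}"
}

# Print the verdict for $1; return 0 only when it is exactly "OK".
# If the prefix does not match, the whole line is kept and the check fails.
check_password() {
    line=$(printf '%s\n' "$1" | "$CRACKLIB_CHECK") || return 2
    [ -n "$line" ] || return 2
    verdict=$(verdict_of "$1" "$line")
    printf '%s\n' "$verdict"
    [ "$verdict" = "OK" ]
}

# Read the candidate from the terminal with echo disabled, so it never
# appears on screen or in shell history.
prompt_and_check() {
    printf 'Password to test: ' >&2
    trap 'stty echo; exit 130' INT TERM
    stty -echo
    IFS= read -r pw
    stty echo
    trap - INT TERM
    printf '\n' >&2
    check_password "$pw"
}

# Run interactively only when asked, e.g.: sh check.sh --prompt
# (check.sh is a placeholder file name)
if [ "${1:-}" = "--prompt" ]; then
    prompt_and_check
fi
```

The exit status of check_password is 0 for "OK", 1 for any other verdict, and 2 when the checker could not be run, so it can gate a script that sets or stores the password.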