In this chapter we discussed how Unix identifies users and
authenticates their identity at login. We presented some details on
how passwords are represented and used. We'll
present more detailed technical information in later chapters on how
to protect access to your password files and passwords, but the basic
and most important advice for protecting your system can be
summarized as follows:
Ensure that every account has a password.
Ensure that every user chooses a strong password.
Educate users not to tell their passwords to other users, type them
in at an unsecure terminal, or transmit them in cleartext over a
Remember: even if the world's greatest computer
hacker should happen to dial up your machine, if that person is stuck
at the login: prompt, the only thing that she can
do is guess usernames and passwords, hoping to hit one combination
that is correct. Unless the criminal has specifically targeted your
computer out of revenge or because of special information
that's on your system, the perpetrator is likely to
give up and try to break into another machine.
Making sure that users pick good passwords remains one of
the most important parts of running a secure computer