Protect Linux user accounts against brute force attacks

There are bad passwords, ok passwords, good passwords, strong passwords, very strong passwords.

With only 100 attempts for bruteforcing (soon less), we don’t need strong passwords. Not 20 characters alphanumeric with special characters.
example: “JX%q'\S+e1'D>Y,L4<uW” [1]

We might get away even with almost trivial passwords. This is fantastic for usability. Very, very few users are realistically typing such a complicated password as [1].

I wouldn’t be surprised if most users keep the password changeme.
But we could do better on usability as for guiding the user to change the password from changeme to something else, warning if the password is still the default changeme and auto-starting a GUI to ask for password change.

Please review:


Looks good to me.

