How to force users to change passwords in Linux?

How to force users to change passwords in Linux?

Passwords are considered the most secure form for account security. Do you want to take security measures for your password like applying a new password, the period allowed for the expiration date, and resetting the password?

Passwords have been around for almost 60 years!!

We are proving computers from 1960s mid and so, we are proud to say the password is invented from 1960. Well! We can say it is a pure invention where it shares the time and compatible mode accordingly at the Massachusetts Institute of Technology required a method to identify different people on the system. There was also a need to prevent people from seeing each other's files.

Fernando J. Corbett found a way to allot a username that should be unique for all the users.

The trouble with passwords is that they usually act as a key. The one who has the key can easily use it. If someone detects or guesses our password, that person can access your account. Passwords are the only thing to keep unauthorized people (threat actors, in cyberspace-spoke) out of your system which should be available in-universe with numerous steps of authentication.

Those remote connections made by Secure Shell (SSH) can be easily configured to use SSH keys instead of passwords and this is amazing. However, this is only a connection method and does not cover the local login.

Additionally, the management of passwords is important, as is the management of people who use those passwords.

Anatomy of a password:

Is a password good, anyway? By the way, a good password should have all the following characteristics:
  • It is impossible to guess or find out.
  • You haven't used it anywhere else
  • This data has not been included in the data breach.
The Have I Been Pead (HIBP) website has more than 10 billion sets of credentials. With high figures, chances are that someone else has used the same password that you are. This means that your password may be in the database, even if it was not your account that was broken.

If your password is on the HIBP website, it means that the actors' toughness and force attack tools are used on the list of password threats when they are trying to crack an account.

Random passwords (like 4HW @ HpJDBr% * Wt @ # b ~ aP) are practically invincible, but, of course, you'll never remember this. We highly recommend that you use a password manager for online accounts. For all your accounts online the password generation should be random and complex. You don't have to remember them - Password Manager supplies the right password for you.

For local accounts, each person must create their password. They also need to know what an acceptable password is and what is not. They will be asked not to reuse passwords on other accounts, and so on.

The policy termed as organization password policy holds all this information’s as guidelines. You are allowed to use only characters in a minimum number, combine upper and lower letters, and include symbols and punctuation, and so on.

However, according to the Carnegie Mellon University team, they suggested tricks to make your strength of the password stronger. The researchers found that the two major factors of password strength should be long in 12 characters and strong comparatively with others. They used some techniques for measuring the strength of the password by using statistics, programs like software crack, and neural networks.

A 12-character minimum may seem daunting at first. However, do not think in terms of passwords, rather, passphrases of three or four unrelated words are separated by punctuation.

For example, Expert Password Checker stated that by comparing chimney.purple.bag and chicago99 it been 400 years in million and Chicago for 42 minutes. Moreover, it has only 18 letters for easy remembrance.

Current Review Settings:

Before you change anything to do with a person's password, it makes sense to take a look at their current settings. With the password command, you can review their current settings with its -S (status) option. Note that if you have to work with another user password setting, you will also have to use sudo with a password.

1609591729013.png


1609591742340.png


Type a single line in terminal window:

1609591754128.png


You see the following pieces of information (left to right) in that curve response:
  • Login name of the person.
One of the following three possible indicators appears here:
  • P: indicates that the account has a valid, working password.
  • L: This means that the account has been closed by the owner of the root account.
  • NP: A password has not been set.
The password was last changed.

Minimum password age: The minimum period (in days) between password reset performed by the account owner. However, the owner of the root account can be changed with the other’s password. Check the value is zero then there is no restriction on the frequency of password changes.

Maximum password age: The account owner is asked to change their password when they reach this age. This value is given in days, so a value of 99,999 means that the password never expires.

Warning Period for Password change: By enforcing the password age for a maximum period so that the owners will get a reminder for password change.

Period of inactivity for the password: If a person does not access the system for a time that overlaps the deadline of resetting the password also, you cannot change the password again. The shown value is the expiration date of your password and the until then your account will inactive for several days after the expiration of the password takes by locking the account. A value of -1 deactivates the grace period.

How to set a password age in maximum?

Along with the number of days, just add –x without adding space in between.

1609591830054.png


1609591846945.png


Maybe the expiry value too changed so make a note of that carefully:

1609591867264.png


To check the value whether is 45 or not check by adding the statement –s:

1609591882391.png


1609591892181.png


So, you have taken 45 days to reset your password. You can change the password day count because it entirely depends upon you. For every seven days, you will get a reminder. If you forgot to update your new password within 45 days then this account will be blocked automatically.

How to change the password immediately?

The members who are in your network will also get an update to change the password once if you start to run the command mentioned below. Use the –e option for enrolling the command:

1609591925702.png


1609591937909.png


Again, the expired password information is displayed hereby:

1609591948572.png


Use –s option to check the next step:

1609591962602.png


The password that has to be changed is set as 1970’s first day. If you try to login into this account then it will give an update to change the password. Don’t forget to enter the current password before assigning a new password.

1609591979953.png


Do you have a situation to change the password immediately?

Nowadays, it’s a regular business practice to change their password routinely for security help. If you came to know that your password is known by others please change it immediately. But if it has a regular sequence of changing the password then it is you might prefer a weak password too. So, have a habit to mingle number or date as your requirement. It's difficult to remember the password if you change it continuously.

Here are the guidelines to create a new password:
  • Password manager: Use it for local and online accounts.
  • Involve authentication in two-steps: Please ignore this option keep a look at this continuously.
  • The passphrase should be very strong: Use punctuations or symbols to make your password unique.
  • Don’t use the same password: You know that password change is one security help. So, don’t try to use the same password.

Command “Change”:

For the usage of the password again, try using the command change. The name is taken from “change aging” and also hopes that you have used password-creation from the command passwd.

Like password –s command, you can enlist –l command too:

1609592045038.png


1609592054207.png


Solidly, you can create an expiration date for the account by using the command –E:

1609592065612.png


1609592071237.png


Again run out the below-mentioned command to check the current status:

1609592080673.png


1609592092598.png


The expiration date is changed from Never to November 30, 2020. We can set the password maximum count as –M.

1609592108993.png


1609592114223.png


Use the command –l to check the status again:

1609592122790.png


1609592128529.png


The expiration password date is fixed to 45 and so, the password expires displayed here is Dec 08, 2020.

How to make the password change for all?

The default password value is preferred once if you create an account. Set the default password range as maximum, minimum, and warning days. It stores in the “/etc/login.defs” file.

Open gedit in the file by using the command mentioned below:

1609592155164.png


1609592160901.png


Go to password aging controls by scrolling it down:

1609592170013.png


Close the file and don’t forget to save the changes. Again, the default values are set whenever you create an account. Use a script to change the expiration password change for old users. Start creates a file password-date.sh and use editor gedit.

1609592183332.png


1609592188493.png


Work on the process to close gedit and save all the changes you have done till now!

1609592199467.png


The number of days will be changed to 28 in maximum.

1609592210483.png


1609769853293.png


To check the account status run the below command:

1609769864917.png


1609769873304.png


Your account process will be displayed like below:

1609769885183.png


So, overall it’s a command that rules your account. Hope, our article will be easy looking for you to handle.
Author
bhawanisingh
Views
662
First release
Last update
Rating
0.00 star(s) 0 ratings
Top