Debian: Force users to use more secure login password with pam_cracklib

One of the factor that makes your system easily crackable is the weak password. PAM cracklib forces users to choose stronger password by analyzing the password strength, length and entropy.

To enable pam_cracklib in Debian / Ubuntu operating system, you need to install libpam_cracklib:

sudo apt-get install libpam_cracklib

Then edit the “/etc/pam.d/common-password” file using your favorite editor. Then, add and uncomment the following line at the end of the file.

password required pam_cracklib.so retry=3 minlen=6 difok=3

difok determines the number of same characters that allowed to be present in the old and new passwords.