Password Security in the Solaris OS
Users who change passwords on a frequent basis shorten the window of opportunity
for intruders to use illegally obtained passwords. Therefore, your site's security policy can
require you to change your password regularly. The Solaris OS can set content
requirements for passwords and enforce password resetting requirements. The following are possible
resetting requirements:
Minimum number of days between changes – Prevents you or anyone else from changing your password for a set number of days.
Maximum number of days between changes – Requires you to change your password after a set number of days.
Maximum number of inactive days – Locks your account after the set number of days of inactivity if the password has not been changed.
Expiration date – Requires you to change your password by a specific date.
If your administrator has implemented one of the preceding options, you are sent
an email message that warns you to change your password prior to the
cutoff date.
Passwords can have content criteria. At minimum, passwords in the Solaris OS
must meet the following criteria:
The password must be at least eight characters long.
The password must contain at least two alphabetic characters and at least one numeric character or one special character.
The new password must differ from your previous password. You cannot use a reverse or circular shift of the previous password. For this comparison, uppercase letters and lowercase letters are considered to be equal.
The new password must have at least three characters that are different from the old password. For this comparison, uppercase letters and lowercase letters are considered to be equal.
The password must be difficult to guess. Do not use a common word or a proper name. Programs and individuals who try to break into an account can use lists to try to guess users' passwords.
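The content criteria above, written out as a checker. This is an added example, not Solaris code: the function names are hypothetical, the three-character rule is assumed to compare the passwords position by position, and the "difficult to guess" rule (word lists) is not covered.

```python
import string

MIN_LENGTH = 8   # "at least eight characters long"
MIN_ALPHA = 2    # "at least two alphabetic characters"
MIN_DIFF = 3     # "at least three characters that are different"


def is_circular_shift(new, old):
    """True if new is a rotation of old (a rotation by zero included)."""
    return len(new) == len(old) and new in old + old


def count_differences(new, old):
    """Assumption: characters are compared position by position, and any
    extra length in either password counts as differing characters."""
    same = sum(1 for a, b in zip(new, old) if a == b)
    return max(len(new), len(old)) - same


def check_password(new, old):
    """Return the list of violated criteria; an empty list means the
    candidate meets the minimum content rules checked here."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    if sum(c in string.ascii_letters for c in new) < MIN_ALPHA:
        problems.append("needs two alphabetic characters")
    # Any non-letter is treated as "numeric or special" (assumption).
    if not any(c not in string.ascii_letters for c in new):
        problems.append("needs a numeric or special character")

    # Comparisons with the previous password ignore case.
    n, o = new.lower(), old.lower()
    if n == o:
        problems.append("same as previous password")
    elif n == o[::-1]:
        problems.append("reverse of previous password")
    elif is_circular_shift(n, o):
        problems.append("circular shift of previous password")
    elif count_differences(n, o) < MIN_DIFF:
        problems.append("fewer than three characters changed")
    return problems
```

The case folding is what catches a candidate such as "1234ABCD" against a previous password of "abcd1234": it looks different but is a circular shift once case is ignored.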
You can change your password by using the Change Password menu item from
the Trusted Path menu. For the steps, see Performing Trusted Actions.