How to disable user accounts and enhance password authentication in Ubuntu

Instead of deleting a user account in Ubuntu , it is possible to manually disable it (lock it) or unlock it.
If an account is locked or disabled and someone tries to access it , the following message will show up :”This account is currently not available.”

Read: How to create a local user account in Windows 10

Locking a user account

In order to lock a user account, type in the following command:

sudo passwd -l the_user_name

To unlock a user account, type in:

sudo passwd -u the_user_name

Password strengthening

In order to secure user accounts a strong password is required. There is a module in PAM (Pluggable Authentication Modules) called the ‘pam_cracklib‘ that helps achieve this high level of authentication security by forcing the user to implement a complex or a strong password.

To install ‘pam_cracklib‘ , proceed as follows :

sudo apt install libpam-cracklib

Read: ‘usermod’command usage in Ubuntu/Debian : a beginner’s guide

Now for the configuration , you will need to edit the file /etc/pam.d/common-password : type in :

sudo cp /etc/pam.d/common-password /root/

sudo nano /etc/pam.d/common-password

In order now to force users to utilize strong passwords ( contain special characters , uppercase, lowercase and digits as well as punctuation) . look up the line below :

password requisite pam_cracklib.so retry=3 minlen=8 difok=3

And change it as follows :

password requisite pam_cracklib.so retry=3 minlen=16 difok=3 ucredit=-1 lcredit=-2 dcredit=-2 ocredit=-2

Where,

  • retry=3 : The user is prompted at most 3 times before an error is returned. The default is 1.
  • minlen=16 : The minimum new password size.
  • difok=3 : Defines the number of character changes between the new password and the old one..
  • ucredit=-1 : The new password must contain at least one uppercase character.
  • lcredit=-2 : The new password must have at least two lowercase characters.
  • dcredit=-2 : The new password must have at least two digits.
  • ocredit=-2 : The new password must have at least two symbols.

If you like the content, we would appreciate your support by buying us a coffee. Thank you so much for your visit and support.

 

Nikolaus Oosterhof

Nikolaus holds a degree in software development and has a strong passion for all things tech-related, especially gadgets with screens. Though he is nostalgic for older phone models, he's a retired gamer and continues to enjoy programming in open-source environments. Additionally, Nikolaus enjoys writing about Linux, macOS and Windows and has experience designing web pages.

Leave a Reply