Deploying password-quality checking on your Debian-based Linux servers can help ensure that your users assign reasonably secure passwords to their accounts, but the settings themselves can be a bit misleading.
For example, setting a minimum password length of 12 characters does not necessarily mean that all your users’ passwords will actually have 12 or more characters.
Let’s stroll down Complexity Boulevard and see how the settings work and examine some that are worth considering.
The files that contain the settings we’re going to look at will be:
Source:: Network World – Linux