One of the simplest ways someone can access a server without authorization is by brute-forcing the root password — running an automated program to try every possible password combination (which may or may not involve using dictionary words). Thus, a few guidelines must be followed to protect your Cloud Server:
- Passwords should contain characters from at least three of the following four sets:
  - Lower case letters
  - Upper case letters
  - Numbers
  - Symbols
- Passwords should be no shorter than 9 characters, regardless of complexity.
- Passwords should not contain or be based on:
  - Your username (or any usernames on the system)
  - The name of the Cloud Server
  - Dictionary words, even in multiples
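The guidelines above expressed as a check you can run on a candidate password before setting it. This is an added example, not code from the original page; the function names, the small word list, the substitution table and the 4-letter minimum for dictionary matches are all assumptions of the example.

```python
# Constructed sample word list; in practice load a real one (the path is an
# assumption, e.g. /usr/share/dict/words on many Linux systems).
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein", "cloud", "server"}

# Common character substitutions undone before matching, so "p@ssw0rd" is
# treated as based on "password". This mapping is an assumption of the example.
LEET = str.maketrans("@0134$5!7", "aoleassit")

MIN_LENGTH = 9      # "no shorter than 9 characters"
MIN_CLASSES = 3     # "at least three of the following four sets"
MIN_WORD_LEN = 4    # assumption: ignore very short dictionary words


def character_classes(password):
    """Count how many of the four sets (lower, upper, digit, symbol) appear."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])


def check_password(password, usernames, server_name, words=SAMPLE_WORDS):
    """Return a list of guideline violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if character_classes(password) < MIN_CLASSES:
        problems.append("too few character sets")
    # Compare case-insensitively, both as typed and with substitutions undone.
    forms = {password.lower(), password.lower().translate(LEET)}

    def contained(term):
        return bool(term) and any(term.lower() in f for f in forms)

    if any(contained(u) for u in usernames):
        problems.append("contains a username")
    if contained(server_name):
        problems.append("contains the server name")
    if any(contained(w) for w in words if len(w) >= MIN_WORD_LEN):
        problems.append("contains a dictionary word")
    return problems
```

Note that `P@ssw0rd!2024` satisfies the length and character-set rules and is still rejected, because undoing the substitutions exposes a dictionary word.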
The root password must be changed immediately upon logging in for the first time. To do this, type:
    passwd
You will be prompted for your new password.