🛡️ Account Policies Playbook
Windows (Desktop & Server)
- Objective: Enforce strong password requirements and lockout policies to prevent brute-force attacks.
- Tools: `secpol.msc` (Local Security Policy)
- Common Actions:
  - Navigate to Account Policies -> Password Policy.
    - Set a secure Minimum password age.
    - Set a secure Minimum password length (e.g., 12-14 characters).
    - Enforce password history.
    - Enable "Password must meet complexity requirements".
  - Navigate to Account Policies -> Account Lockout Policy.
    - Set a secure Account lockout threshold (e.g., 5 invalid attempts).
    - Set an Account lockout duration (e.g., 30 minutes).
Linux (Mint 21 & Ubuntu 22)
- Objective: Enforce strong password requirements and lockout policies.
- Tools: Terminal
- Common Actions:
  - Edit Password Age: Open `/etc/login.defs` (e.g., `sudo nano /etc/login.defs`).
    - Set a secure `PASS_MIN_DAYS` (minimum password age).
    - Set a secure `PASS_MAX_DAYS` (e.g., 90 days).
  - Edit Password Complexity: Edit the PAM configuration file.
    - Run `sudo pam-auth-update` to configure complexity modules, or manually edit `/etc/pam.d/common-password` to include `pam_pwquality.so`.
  - Force Password Change: Force a new user to change their password on first login with `sudo chage -d 0 <username>`.
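As an added example (not part of the playbook), the following POSIX shell script audits the `login.defs` and PAM settings described above. It runs against constructed sample files so it works offline; the thresholds it enforces (`PASS_MAX_DAYS` at most 90, `PASS_MIN_DAYS` at least 1) and the sample file contents are assumptions made for this example.

```shell
#!/bin/sh
# Added audit helper: reads password-age keys from a login.defs file and checks
# whether a PAM common-password file loads pam_pwquality.so. Paths are parameters,
# so the same functions work on the constructed samples below or on the live
# /etc/login.defs and /etc/pam.d/common-password. Thresholds are assumptions.

WEAK_LOGIN_DEFS=$(mktemp)   # constructed sample: typical distribution defaults
cat > "$WEAK_LOGIN_DEFS" <<'EOF'
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7
EOF

HARD_LOGIN_DEFS=$(mktemp)   # constructed sample: hardened values, old one commented out
cat > "$HARD_LOGIN_DEFS" <<'EOF'
#PASS_MAX_DAYS  99999
PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
PASS_WARN_AGE   14
EOF

SAMPLE_PAM=$(mktemp)        # constructed sample common-password with pwquality enabled
cat > "$SAMPLE_PAM" <<'EOF'
# constructed sample: pam_pwquality line as pam-auth-update would add it
password   requisite                    pam_pwquality.so retry=3 minlen=12
password   [success=1 default=ignore]   pam_unix.so obscure use_authtok try_first_pass yescrypt
EOF

# Print the value of a login.defs key in file $1; the last uncommented assignment wins.
login_defs_get() {
    awk -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# Succeed only when both password-age settings in file $1 are within the thresholds.
check_password_age() {
    max=$(login_defs_get "$1" PASS_MAX_DAYS)
    min=$(login_defs_get "$1" PASS_MIN_DAYS)
    [ -n "$max" ] && [ "$max" -le 90 ] && [ -n "$min" ] && [ "$min" -ge 1 ]
}

# Succeed when a non-comment line of PAM file $1 loads pam_pwquality.so.
check_pwquality() {
    grep -Eq '^[^#]*pam_pwquality\.so' "$1"
}

# Report PASS/FAIL for a login.defs file ($1) and a PAM file ($2).
audit_account_policy() {
    if check_password_age "$1"; then echo "PASS: password age in $1"; else echo "FAIL: password age in $1"; fi
    if check_pwquality "$2"; then echo "PASS: pam_pwquality in $2"; else echo "FAIL: no pam_pwquality in $2"; fi
}

audit_account_policy "$WEAK_LOGIN_DEFS" "$SAMPLE_PAM"
audit_account_policy "$HARD_LOGIN_DEFS" "$SAMPLE_PAM"
```

To audit the live system, call `audit_account_policy /etc/login.defs /etc/pam.d/common-password`; note that `pam_pwquality.so` is shipped by the `libpam-pwquality` package, so `pam-auth-update` can only enable it once that package is installed.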