There are several things you can do to improve password security in your organization, in no particular order:
- Use a very strong Administrator or root password and do not share it or reuse it on any other account or system.
- Long passwords of more than 12 characters are very strong if they are not dictionary words and contain symbol characters, numbers, and both capital and lowercase letters.
- Do not reuse passwords on multiple systems with the same account name. If one system is compromised, the password can be cracked and tried on other systems with the same account name.
- Establish a password policy for organization members.
- Enable strong password enforcement on Windows. On the administration console, open Local Security Policy, select Account Policy, then Password Policy, and enable Passwords must meet complexity requirements.
- Perform regular audits using L0phtCrack 7 to test the passwords in use. Even with Windows strong password enforcement, users may still be able to create weak passwords such as Password1.
- Restrict permissions on your Windows SAM and Unix password files.
- Restrict physical access to machines (particularly domain controllers).