To avoid common IBM i password security exposures, consider these best practices:
- Use Longer Passwords or Passphrases: Avoid short passwords. Set the password level (QPWDLVL) to 2 or 3 to allow passwords up to 128 characters. This enables the use of passphrases, which are harder to guess or crack.
- Enforce Complexity Rules: Implement rules that require a mix of uppercase and lowercase letters, numbers, and special characters. Use the *REQANY3 value in QPWDRULES to enforce this.
- Limit Sign-On Attempts: Set the maximum sign-on attempts (QMAXSIGN) to a low number, such as 3. This prevents unauthorized users from making unlimited attempts to guess passwords
- Avoid Common Words and Personal Information: Ensure passwords are not based on easily guessable information like names, birthdays, or common words.
- Regularly Update Passwords: Encourage or enforce regular password changes to minimize the risk of compromised credentials.
- Monitor and Audit: Regularly monitor and audit password policies and usage to ensure compliance and identify potential security issues.
By following these practices, you can significantly enhance the security of your IBM i system.
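
As an added example (not IBM code or part of the original list), the following Python function checks the three system values named above against these recommendations. It assumes the values have already been retrieved from the system (for instance by reading them with DSPSYSVAL) into a dictionary; the function name, the `max_attempts` default of 3 and the sample values are constructed for illustration.

```python
# Added example: audit exported IBM i system values against the list above.
# Function name, finding wording and sample values are constructed.

def audit_password_sysvals(sysvals, max_attempts=3):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []

    # QPWDLVL 2 or 3 allows passwords up to 128 characters (passphrases).
    level = str(sysvals.get("QPWDLVL", "")).strip()
    if level not in ("2", "3"):
        findings.append(f"QPWDLVL is {level or 'missing'}: set to 2 or 3")

    # QPWDRULES holds a space-separated list of rules; compare whole tokens
    # so that a longer rule name containing the text is not a false match.
    rules = str(sysvals.get("QPWDRULES", "")).upper().split()
    if "*REQANY3" not in rules:
        findings.append("QPWDRULES lacks *REQANY3")

    # QMAXSIGN is either a number (possibly zero-padded) or *NOMAX.
    raw = str(sysvals.get("QMAXSIGN", "")).strip().upper()
    if raw == "*NOMAX":
        findings.append("QMAXSIGN is *NOMAX: sign-on attempts are unlimited")
    elif not raw.isdigit():
        findings.append(f"QMAXSIGN is {raw or 'missing'}: expected a number")
    elif int(raw) > max_attempts:
        findings.append(f"QMAXSIGN is {int(raw)}: lower to {max_attempts}")

    return findings


# Constructed sample inputs: one hardened system, one left permissive.
HARDENED = {"QPWDLVL": "3", "QPWDRULES": "*REQANY3 *MINLEN15", "QMAXSIGN": "000003"}
PERMISSIVE = {"QPWDLVL": 0, "QPWDRULES": "*PWDSYSVAL", "QMAXSIGN": "*NOMAX"}

if __name__ == "__main__":
    for name, values in (("hardened", HARDENED), ("permissive", PERMISSIVE)):
        result = audit_password_sysvals(values)
        print(name, "->", result or "no findings")
```
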