Enforce password strength-checking policy with pam_cracklib

You can enforce password strength-checking policy by installing libpam-cracklib module.

apt-get install libpam-cracklib

Edit /etc/pam.d/common-password as the following:

# The line below must be commented out
# password required pam_unix.so nullok obscure md5

password required pam_cracklib.so retry=3 minlen=8 difok=4
password required pam_unix.so use_authtok nullok md5

The cracklib PAM module provides password strength-checking, prompts for a new password with a minimum length of 8 characters, a difference of at least 4 characters from the old password, and allows 3 retries.