Instead of using the default <emphasis>crypt</emphasis> method, use the more secure <emphasis>SHA-512</emphasis> method of password hashing, which also allows passwords longer than 8 characters. In addition, set the number of rounds to 500,000 instead of the default 5000, which is much too low to resist brute-force password attacks. It is also necessary to change the obsolete <filename class="directory">/var/spool/mail</filename> location for user mailboxes, which Shadow uses by default, to the <filename class="directory">/var/mail</filename> location used currently. Finally, remove <filename class="directory">/bin</filename> and <filename class="directory">/sbin</filename> from the <envar>PATH</envar>, since they are simply symlinks to their counterparts in <filename class="directory">/usr</filename>.
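One way to confirm that a login.defs file carries all four changes described above is the following check. It is an added example, not part of the original page or of Shadow itself. It assumes the standard login.defs key names (ENCRYPT_METHOD, SHA_CRYPT_MIN_ROUNDS, SHA_CRYPT_MAX_ROUNDS, MAIL_DIR, ENV_PATH, ENV_SUPATH), which the page does not list, and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit login.defs text read on stdin against the settings above.
# Prints one FAIL line per deviation, or OK; exit status is 1 on any failure.
audit_login_defs() {
    awk '
        function fail(msg) { print "FAIL " msg; bad++ }
        # Flag a PATH= value that still lists /bin or /sbin as its own entry.
        function check_path(key,   p) {
            if (!(key in val)) return
            p = val[key]; sub(/^PATH=/, "", p)
            if ((":" p ":") ~ /:\/s?bin:/) fail(key " lists /bin or /sbin: " p)
        }
        /^[ \t]*#/ { next }                  # commented-out settings do not count
        NF >= 2    { val[$1] = $2 }          # these keys take one whitespace-free value
        END {
            if (val["ENCRYPT_METHOD"] != "SHA512")
                fail("ENCRYPT_METHOD is \"" val["ENCRYPT_METHOD"] "\", want SHA512")
            # Every rounds key that is set must be at least 500000, and one must be set.
            split("SHA_CRYPT_MIN_ROUNDS SHA_CRYPT_MAX_ROUNDS", keys, " ")
            seen = 0
            for (i in keys) {
                k = keys[i]
                if (!(k in val)) continue
                seen++
                if (!(val[k] + 0 >= 500000)) fail(k " is " val[k] ", want 500000")
            }
            if (seen == 0) fail("no SHA_CRYPT_*_ROUNDS set, default of 5000 applies")
            if (val["MAIL_DIR"] != "/var/mail")
                fail("MAIL_DIR is \"" val["MAIL_DIR"] "\", want /var/mail")
            check_path("ENV_PATH"); check_path("ENV_SUPATH")
            if (bad == 0) print "OK"
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: settings as they look before the changes are applied.
sample_default() {
    printf '%s\n' '#ENCRYPT_METHOD DES' '#SHA_CRYPT_MIN_ROUNDS 5000' \
        'MAIL_DIR /var/spool/mail' \
        'ENV_SUPATH PATH=/sbin:/bin:/usr/sbin:/usr/bin' 'ENV_PATH PATH=/bin:/usr/bin'
}

# Constructed sample: the same settings after the changes described above.
sample_hardened() {
    printf '%s\n' 'ENCRYPT_METHOD SHA512' 'SHA_CRYPT_MIN_ROUNDS 500000' \
        'SHA_CRYPT_MAX_ROUNDS 500000' 'MAIL_DIR /var/mail' \
        'ENV_SUPATH PATH=/usr/sbin:/usr/bin' 'ENV_PATH PATH=/usr/bin'
}

sample_hardened | audit_login_defs           # prints OK
```

On an installed system the same function can be fed the real file on standard input. Passwords set before the change keep their old hashes until they are reset.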