http://lists.freebsd.org/pipermail/freebsd-current/2012-June/034515.html

FreeBSD still defaults to MD5 password hashes, which are now known to be insecure. Consider changing the default to SHA512 as suggested in the mailing list thread I linked. You need to update /etc/login.conf.db with cap_mkdb(8) after editing /etc/login.conf.

# $EDITOR /etc/login.conf

Code:
    ...
    default:\
        :passwd_format=sha512:\
    ...

# cap_mkdb /etc/login.conf

Existing password hashes are changed to SHA512 the next time the password is changed with passwd(1). New users created after this change will have SHA512 password hashes automatically.
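Because existing hashes only change at the next passwd(1) run, it helps to list which accounts still carry an older hash after the switch. The following is an added example, not part of the original post: the function names and the sample data are assumptions made for illustration, and the scheme is read from the crypt(3) prefix of the hash field ($1$ for MD5, $6$ for SHA512).

```shell
#!/bin/sh
# Added example. All sample data below is constructed; hashes are placeholders.
# On a real system, run as root: sh audit.sh /etc/master.passwd

# Print "user scheme" for every account whose hash is not SHA512.
# Input: master.passwd format (field 2 = hash), from files or stdin.
audit_hashes() {
    awk -F: '
        /^#/ || NF < 2 { next }
        {
            h = $2
            sub(/^\*LOCKED\*/, "", h)              # marker prepended by "pw lock"
            if (h ~ /^\$6\$/ || h ~ /^[*!]/) next  # SHA512, or no password login
            if (h == "")           s = "empty"
            else if (h ~ /^\$1\$/) s = "md5"
            else if (h ~ /^\$2/)   s = "blowfish"
            else if (h ~ /^\$5\$/) s = "sha256"
            else                   s = "other"
            print $1, s
        }' "$@"
}

# Print the passwd_format value of the "default" class in login.conf text.
# This reads the text file; cap_mkdb must still be run as described above.
default_passwd_format() {
    awk '
        /^#/ { next }
        /^default[:|]/ { rec = 1 }
        rec && match($0, /:passwd_format=[^:]*/) {
            print substr($0, RSTART + 15, RLENGTH - 15); exit
        }
        rec && !/\\$/ { rec = 0 }                  # record ends without trailing "\"
    ' "$@"
}

sample_master_passwd() {   # constructed accounts, placeholder hashes
    cat <<'EOF'
root:$6$CONSTRUCTEDSALT$placeholder:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
alice:$1$CONSTRUCTED$placeholder:1001:1001::0:0:Alice:/home/alice:/bin/sh
bob:$6$CONSTRUCTEDSALT$placeholder:1002:1002::0:0:Bob:/home/bob:/bin/sh
carol:*LOCKED*$1$CONSTRUCTED$placeholder:1003:1003::0:0:Carol:/home/carol:/bin/sh
EOF
}

sample_login_conf() {      # constructed excerpt in the layout the post shows
    printf 'default:\\\n\t:passwd_format=sha512:\\\n\t:copyright=/etc/COPYRIGHT:\n'
}

if [ "$#" -gt 0 ]; then audit_hashes "$@"; fi
```

Accounts listed as md5 keep that hash until their password is next changed with passwd(1).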