Ensure that all users are allocated a password.
Users should never share their passwords.
You can set passwords to expire after a predefined time to improve password security.
It is good practice to regularly check /etc/passwd for users with their UID set to 0.
Regularly check for invalid users.
It is good practice to disable direct root logins by configuring the /etc/default/login file. This will force users with access to root to use the su command, thus leaving an audit trail.
Check the /var/adm/sulog regularly for users attempting to gain access to the root account.
Provide users with a non-writable .profile if you want to try to enforce a default environment.
For users that only use a specific application, specify this instead of the shell in their password entries.
Ensure that user accounts are closed (if not deleted) when somebody leaves the company or changes job.
If you wish to temporarily prevent users from logging in, create the file /etc/nologin.
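The checks above for users without a password and for accounts with a UID of 0 can be scripted. The following is an added example, not part of the original page; the function names and the sample account data are constructed for illustration, and a POSIX sh and awk are assumed.

```shell
#!/bin/sh
# Added example: audit passwd- and shadow-format files for two of the
# conditions in the checklist. All names and sample data are constructed.

# Print every account other than root whose UID (field 3) is 0.
# The regex also catches padded values such as "00".
uid0_accounts() {
    awk -F: '$3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"
}

# Print every account whose password field (field 2) in a
# shadow-format file is empty, i.e. no password has been allocated.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Write constructed sample files into the directory given as $1.
make_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
alice:x:1001:10:Alice:/export/home/alice:/bin/ksh
toor:x:0:0:constructed second UID 0 account:/:/bin/sh
bob:x:1002:10:Bob:/export/home/bob:/bin/ksh
EOF
    cat > "$1/shadow" <<'EOF'
root:$5$constructed$hash:19000::::::
daemon:NP:6445::::::
alice:$5$constructed$hash:19000:7:90:14:::
toor:$5$constructed$hash:19000::::::
bob::19000::::::
EOF
}

# Demonstration run against the constructed samples.
tmp=$(mktemp -d)
make_samples "$tmp"
echo "UID 0 accounts other than root: $(uid0_accounts "$tmp/passwd")"
echo "Accounts with no password:      $(empty_password_accounts "$tmp/shadow")"
rm -rf "$tmp"
```

On a live system, pass /etc/passwd and /etc/shadow to the two functions; reading the shadow file requires root.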