Security is a very comprehensive field. Unfortunately, I'm not a security expert. I think it's time to learn more about it, thank you, you triggered my interest. Right now I can say:
You can have longer system wide passwords.
However, meaningless combination of 8 upper- and lowercase symbols and digits is strong enough.
Network root access should be denied and limited su (sudo) used instead.
You can limit ssh access to certain users.