Revision of Passwords from Wed, 09/04/2024 - 04:40

The revisions let you track differences between multiple versions of a post.

This wiki describes how to change user passwords, list account informations and covers security themes.

Password strength

A strong password should be mandatory for users, who are interested in security and want to defend their privacy and maybe the privacy of others, for example your friends and colleagues.

When choosing an effective key, keep the following aspects in mind:

  • Does it contain upper and lower case characters?
  • Does it contain special characters?
  • Does it contain digits?
  • Can it be found in a dictionary? (a good password should not)
  • Does it have a appropriate length, so you don't have to note it somewhere?

Password security

The security of a password depends upon the strength of the encryption algorithm and the size of the key space.

  • The default encryption algorithm on Trisquel GNU/Linux is SHA512. (See parameter ENCRYPT_METHOD in /etc/login.defs)
  • The key space is the set of all possible keys.

Using passwd

The passwd command changes passwords for user accounts. A normal user may only change the password for their own account, while the superuser may change the password for any account. Among other other features passwd can also change the account or associated password validity period.

Changing passwords

You should change user passwords from time to time for security reasons.

To change the password of the current user, just run:

 passwd
The user is first prompted for their old password, if one is present. This password is then encrypted and compared against the stored password. The user has only one chance to enter the correct password. The superuser is permitted to bypass this step so that forgotten passwords may be changed.

After the password has been entered, password aging information is checked to see if the user is permitted to change the password at this time. If not, passwd refuses to change the password and exits.

The user is then prompted twice for a replacement password. The second entry is compared against the first and both are required to match in order for the password to be changed.

Then, the password is tested for complexity. passwd will reject any password which is not suitably complex.

As a general guideline, here entered passwords should consist of 6 to 8 characters including one or more characters from each of the following sets:

  • lower case alphabetics
  • digits 0 thru 9
  • punctuation marks

Note: For choosing a strong password, see section Password strength above.

Care must be taken not to include the system default erase or kill characters.

Display status information of accounts

To display account status information of all users on the system, run:

 sudo passwd -S -a
and for a single user:
 sudo passwd -S trisquel
  • where trisquel is the user to list.

Other features are just around the corner. For a full list of options run man passwd.

Further Reading

You can find advice on how to choose a strong password on http://en.wikipedia.org/wiki/Password_strength.

Revisions

09/04/2024 - 04:40
knife