Passwords are an important part of our daily life even we are not a technical or computer guy. Username and password are used to protect Linux systems and services by requiring authentication to access. Most of the Linux systems and distributions like Debian, Ubuntu, CentOS, etc. use the password for user authentication and authorization. Changing passwords is an important task for a regular user and system administrator. In this tutorial, we will learn how to change the Linux password and different aspects of the Linux user password.
Linux passwd Command
Even Linux provides different commands and tools in order to change user password the command passwd is the defacto standard and most popular tool to change the user password. passwd command can be used to change its own/current user, root user, and another user password. But in order to change root and another user password, you require root privileges that can be provided with the sudo command. passwd command has the following simple usage syntax.
passwd OPTIONS USERNAMEOPTIONS is used to specify different options like delete, expire, inactivate password.
USERNAME is the user name or account of the password.
Help and more information about the passwd command can be printed by using the -h or –help option like below.
$ passwd -hSelecting Strong Password
Security is an important part of today It systems and password are one of the most important parts of security. During the change of the Linux user password selecting a secure and strong password is important. While creating your password the password should be unique, easy to remember, at least 12 characters, and contain different character types like uppercase lower case letters, numbers, special signs, etc. These character types should be mixed unpredictably without losing easily memorable features. As an example, we want to create a password for the wisetut.com Linux system we can create following strong and secure passwords.
!W2i0s2e0tut._
- Use both upper and lower case letters multiple times randomly
- Use digits from 0 to 9 multiple times randomly
- Use special characters and punctuation marks like !,*?#$%;. etc.
- Do not use regular daily words without change
- Make it easy to remember but can not be guessed by others especially attackers
Change Your Own or Current User Password
Now we are ready to change our password. We will just run the passwd command which will change the current user passwd. Before asking new password current password will be asked to prevent others to change our user password.
$ passwd
You will be informed that the password for user ismail is changing. then the user password for ismail will be asked in the Current password line. For security reasons typed password characters do not show even as asterisk * to hide the password length. After successfully providing the current user password the new password will be asked with the New password: line. The new password should be different than the current password. To prevent mistakes the new password will be asked for the second time with the Retype new password: line . when the password changed successfully the passwd: password updated successfully message will be printed.
Even most of the bash shells and terminals display the current user name if you want to display the current user name you can use the whoami command from the command line.
$ whoamiChange Another/Different User Password
The passwd command can be used to change other users than current user passwords. If you are logged as root user you can directly use the passwd command and user name to change password. But if you are not root user you should use the sudo command to get root privileges. Below we assume that you are not the root user and want to change different or another users password. In this example, we will change the password of the user ahmet .
$ sudo passwd ahmetThe password change process is very same as changing your own password but in order to use the sudo command, the current user password should be provided. Also the user ahmet current password will be not asked because we change his password with root privileges.
Change root User Password
root is a special user for Linux systems which is the highest level user like and Administrator for Windows systems. We can change the root user password like another user password by using the sudo command.
$ sudo passwd root
Alternatively you can first log on as root user and then change password as curent user or owner. We will first login as root user from login screen or change to the root user with the su command like below.
$ su -
Password:
#
# passwd
New password:
Retype new password:
passwd: password updated successfully
Change Password From GUI
Linux provides different Desktop Environments for easy usage and management of the Linux system. Desktop environments like GNOME, KDE, XFCE provides graphical user management tools. You can use these tools in order to change the Linux user password. The only difference from the command line is providing graphical and novice level experience. Security requirements are the same as providing sudo or current user or root password.
Change Password For GNOME
GNOME desktop provides the Settings tool in order to manage user accounts. Open the Settings and navigate to the Users like below. The last step is clicking to the Password.
You will see the following Change Password screen where you will provide the current password, new password, and confirm new password retyping. In order to apply the change click to the Change button. GNOME password change is a bit different from a password security check than others. GNOME password change method does not accept common sequences like 123456 or abc or words password etc and also checks the length and complexity of the password more strictly then XFCE or command line passwd command.
Change Password For XFCE
XFCE provides the user settings from Applications->Settings Manager->Users and Groups then select the user you want to change the password and click to the Password: line Change button like below.
You will see the following Change User Password screen where you will provide the current password and password of the user with confirmation by retyping a new password. Alternatively, you can generate a random password with the Generate random password. In order to apply the new password simply click to the OK button.
Force Password Change In Next Login
Another useful password change method is forcing the user to change the password next login. When the user account set for password change in the next login the user will be forced to change its password after authenticating the system like changing from the command line. We will use the --expire option for the passwd command and the user name.
$ sudo passwd --expire ismailThis command will expire the user ismail password immediately and when the user tries to login with its current password it will be forced to change password.
How To Store Password Securely?
As stated previously there are a lot of passwords in our daily life. Being a system administrator or network administrator will increase this enormously. So remembering for all passwords are not feasible for human beings. You should store the Linux user passwords in different ways like writing down a paper or putting inside a text file or excel file. But none of these is a secure way to store Linux user passwords. You should use encrypted files or passwords managers in order to store Linux user passwords.
Linux User and Password Files
Linux stores the user accounts information like username, user id, default shell, etc in a file /etc/passwd . The file name passwd comes from the command passwd where in the old times the passwords were also stored inside this passwd file.
$ cat /etc/passwd
But later for security reasons, the passwords are moved into a new file /etc/shadow. Passwords are stored in a hash format in the shadow file. shadow file can be only read and change by privileged users like root or sudoers. Normal users can not even read the shadow file.
$ cat /etc/shadow
cat: /etc/shadow: Permission denied
$
$ sudo cat /etc/shadow