As mentioned in the previous subchapter, you should change your password from the original default or assigned password to a secure password that nobody else knows. And please don't leave the new password on a sticky note attached to your computer.
This subchapter looks at passwd, a UNIX (and Linux) command.
passwd is used to change your password.
This subchapter also includes the list of the 100 worst passwords (100 most commonly used passwords).
setting your password
Type passwd followed by the ENTER or RETURN key.
You will be prompted to give your current (old) password (to make sure it is really you) and then prompted to enter your new password twice. For security purposes, the password is typically replaced with asterisks or some other character so that nobody can read your password over your shoulder. To make sure that you have typed what you thought you typed, you are asked to type the new password twice. The two copies must match before your new password replaces your old password.
The password set by passwd is your local password. On a single user system, this is probably your only password.
On Mac OS X the use of passwd may or may not be sufficient to change your password for the entire system. This depends on which version of Mac OS X you are using. It is best to change your password using the install disc. If you do not have a copy of the install disc, there are instructions on the internet on how to manually change the password.
On a large system, there may be multiple passwords spread across multiple computers. The passwd command will only change the password on the one server that you are currently logged into (normally through SSH). You may need to use yppasswd or a web interface to change your password for the entire system.
You can check for your account or username in /etc/passwd. If it's not listed there, then don't use passwd. Check with your system administrator.
Whenever you first log in to a new system, the first thing you should do is change your password. In particular, immediately change the initial root password for a new system. Leaving the initial default password is a huge security hole, and hackers do try all of the standard default passwords to see if they can find an easy way into a computer. Even with a user account, it is common for initial passwords to be generated poorly and be easy for hackers to guess.
Additionally, you want to change your password on a regular basis. It only takes a few months to figure out a password through brute force attacks. Some systems require that you change your password on a regular basis. Once a month is a good time period. Change it more often if you suspect that someone saw you typing or there is any other possibility that your password might have been compromised.
You can set up your account to remind you to change your password on a regular basis. If you are the system administrator, you can set up these reminders for everyone (and should do so). As system administrator you can even require that users change their passwords on a regular basis (or they become locked out and have to come to you to beg for re-entry). As system administrator you can also set up a system that requires (or even suggests) secure passwords.
100 most common passwords
Always avoid the common passwords. These are the most common passwords as of June 2012:
Approximately 4.7% of all users have a password of password. 8.5% have one of the top two passwords. 9.8% (nearly one tenth) have one of the three top passwords. 14% have one of the top 10 passwords. 40% have one of the top 100 passwords. 79% have one of the top 500 passwords. 91% have one of the top 1,000 passwords.
It is important to have secure passwords.
The more characters, the more secure. A minimum of six or eight characters is barely adequate.
A strong mixture of characters for a password includes at least one capital letter, at least one lower case letter, at least one digit, and at least one punctuation character. You should avoid repeating any character more than once in the same password. The special character (such as !@#$%^&*,;) should not be the first or last character in the password.
Avoid using any word that occurs in your own or any other natural language. Hackers use a dictionary attack that tries words from the dictionary. Also avoid spelling words backwards, using common misspellings, or using abbreviations. Avoid using dates that are important to you (someone can easily look up your birthday or anniversary on the world wide web). Avoid using names of family, friends, or even pets.
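The rules above can be checked mechanically. The following shell function is an added example, not part of the original text; the function name, the 8-character minimum, the reading of "repeating more than once" as a character used three or more times, and the short COMMON list are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original page: checks a candidate password
# against the rules in the text above.
# COMMON is a short constructed sample; the page's own list is not reproduced.
COMMON="password 123456 qwerty letmein"

# Prints "ok" (status 0) or a space-separated list of broken rules (status 1).
check_password() {
    pw=$1
    problems=""
    note() { problems="${problems:+$problems }$1"; }

    # "A minimum of six or eight characters is barely adequate": require 8.
    [ "${#pw}" -ge 8 ] || note too-short
    case $pw in *[[:upper:]]*) ;; *) note no-upper ;; esac
    case $pw in *[[:lower:]]*) ;; *) note no-lower ;; esac
    case $pw in *[[:digit:]]*) ;; *) note no-digit ;; esac
    case $pw in *[[:punct:]]*) ;; *) note no-punct ;; esac

    # Assumed reading of "repeating more than once": a character used 3+ times.
    if printf '%s' "$pw" | awk '{ for (i = 1; i <= length($0); i++)
            if (++seen[substr($0, i, 1)] >= 3) found = 1 }
            END { exit (found ? 0 : 1) }'; then
        note repeated-char
    fi

    # A special character must not be the first or last character.
    case $pw in [[:punct:]]*|*[[:punct:]]) note edge-punct ;; esac

    # Case-insensitive match against the common-password sample.
    lower=$(printf '%s' "$pw" | tr '[:upper:]' '[:lower:]')
    case " $COMMON " in *" $lower "*) note common ;; esac

    if [ -z "$problems" ]; then echo ok; return 0; fi
    echo "$problems"
    return 1
}

# Constructed sample candidates (never put a real password on a command line).
for candidate in 'password' '!Abc1' 'Ba1a!aZa9' 'Tr4il!mix9Up'; do
    printf '%-14s %s\n' "$candidate" "$(check_password "$candidate")"
done
```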
A technique that generates decent passwords is to use a key phrase and then use the first letter of each word in the phrase. Sprinkle in digits and special characters (punctuation) and make some of the letters upper case and some lower case.
Never use the same password for more than one purpose. People have the tendency to reuse the same password over and over. If a hacker gets your password from one system, the hacker will see if it also works on your bank account and other systems.
The super user (root) can use the passwd command to reset any other user's password. There is no prompt for the current (old) password.
$ passwd username
The super user (root) can also remove a password for a specific user with the -d option. The disable option then allows the specified user to log in without a password.
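A system administrator can audit for both the password-less accounts that the -d option leaves behind and the accounts that are never required or reminded to change their password (the reminders discussed earlier). The following is an added example, not part of the original text; it assumes the Linux shadow file layout and the common convention that a maximum age of 99999 means the password never expires, and the function names and sample accounts are constructed.

```sh
#!/bin/sh
# Added example, not from the original page. Assumes the Linux shadow layout:
#   name:hash:lastchange:min:max:warn:inactive:expire:reserved

# Constructed sample data; the hashes are placeholders, not real values.
sample_shadow() {
    cat <<'EOF'
root:$6$CONSTRUCTED$placeholderhash:19000:0:30:7:::
alice:$6$CONSTRUCTED$placeholderhash:19000:0:99999:7:::
bob::19000:0:30:7:::
daemon:*:19000:0:99999:7:::
carol:!$6$CONSTRUCTED$placeholderhash:19000:0:::::
dave:$6$CONSTRUCTED$placeholderhash:19000:0:90::::
EOF
}

# Reads shadow-format lines on stdin and prints one "user finding" per line:
#   empty-password  the account can log in with no password (state after -d)
#   no-expiry       the password is never required to change
#   no-warning      the password expires but the user gets no reminder
audit_shadow() {
    awk -F: '
        $2 == ""                    { print $1, "empty-password"; next }
        $2 ~ /^[!*]/                { next }   # locked or no-login account
        $5 == "" || $5 + 0 >= 99999 { print $1, "no-expiry"; next }
        $6 == "" || $6 + 0 == 0     { print $1, "no-warning" }
    '
}

# Demonstration on the constructed sample.
sample_shadow | audit_shadow
```

On a real Linux system, root would run `audit_shadow < /etc/shadow`.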
UNIX used as a generic term unless specifically used as a trademark (such as in the phrase UNIX certified). UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company Ltd.
Names and logos of various OSs are trademarks of their respective owners.