Changing default Passwords


Post#1 by Rava » 13 Nov 2020, 14:18

Since the discussion about changing globally known passwords started to go more and more off topic, I decided to create a new thread.
Since I cannot move all posts out of "make starting browser more obvious", I fully quoted them in this post instead.

_________________________________________________________
Rava wrote:
10 Nov 2020, 03:53
Nick_Levinson wrote:
31 Oct 2020, 00:28
(and remind the user of the root password)
You know that the user can change the root password in the running system? If the user did so, telling him "toor" is the root password would be a mistake.

Changing the root password is possible even via a script that holds the password only encrypted. Here, as an example, to set the root password back to "toor":
User advice needed: welcome window at first boot for ver. 5.0 (Post by Rava #79540)
Nick_Levinson wrote:
11 Nov 2020, 03:54
Okay; the repetition is optional. However, someone who has changed the root password at that stage is likely a more sophisticated user and the message I'm proposing is more for the newbie, such as someone running Porteus from a live disc made from a downloaded official .iso file. So, the reminder could be phrased thus: "If the root password has not been changed, the default password is . . . ."

By the way, the issue you raise also raises the issue of for whom the welcome help is intended. Users who change root passwords with scripts are probably not newbies to Linux.
Rava wrote:
11 Nov 2020, 05:15
Nick_Levinson wrote:
11 Nov 2020, 03:54
the issue you raise also raises the issue of for whom the welcome help is intended. Users who change root passwords with scripts are probably not newbies to Linux.
My trick of using the data as encrypted in /etc/shadow is only one way to conveniently change the root password. Simply using passwd is a more common one. And changing the root password when the one in use is widely known all across the intertubes is not that much of a sign of an expert Linux user, just common sense when one takes security seriously.
And finally the last, to which I reply in here:
Nick_Levinson wrote:
12 Nov 2020, 00:12
It is a good idea, but that's beyond newbie level. See http://brittlebit.org/security/default- ... m-now.html (which I wrote).
The Mayor of Los Angeles used to read the emails of many people. That was over a year ago. I don’t know if he ever did anything inside anyone else’s account other than read emails, like if he ever sent anything or changed settings. The city had switched to a new email provider, Gmail, and Gmail’s Google set up the accounts, giving everyone who worked for the City a default password. The same password.
That is such a high level of incompetence that I struggle deciding if one should cry about the utter lack of respect for privacy, or laugh at the sheer absurdity of stupidity rolled into one single occurrence.

But I disagree; people wanting to change the password by using the most obvious tool available - not my technique - I still consider a matter of basic sanity.
Cheers!
Yours Rava
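
Added example, not part of the original post: a POSIX shell check of whether an account's hash in a shadow-format file still corresponds to the publicly known default ("toor" for root, as mentioned in the posts above). The function names, return codes and the constructed sample file are assumptions of this example, and it needs the `openssl` command-line tool.

```sh
#!/bin/sh
# Added example (not from the thread): does an account still use the
# publicly known default password? Names and return codes are this
# example's own. Return: 0 = still default, 1 = not the default,
# 2 = cannot tell (no such user, no openssl, unsupported hash scheme).
check_default_password() {   # FILE [USER] [PASSWORD]
    cdp_file=$1; cdp_user=${2:-root}; cdp_pass=${3:-toor}
    command -v openssl >/dev/null 2>&1 || return 2
    # Field 2 of the user's line is the stored hash; "found:" marks a hit
    # so that an empty password field is not mistaken for a missing user.
    cdp_hash=$(awk -F: -v u="$cdp_user" \
        '$1 == u { print "found:" $2; exit }' "$cdp_file" 2>/dev/null)
    case $cdp_hash in
        found:*) cdp_hash=${cdp_hash#found:} ;;
        *) return 2 ;;
    esac
    case $cdp_hash in
        ''|'!'*|'*'*) return 1 ;;   # empty, locked or disabled entry
        '$6$'*) cdp_flag=-6 ;;      # SHA-512 crypt
        '$5$'*) cdp_flag=-5 ;;      # SHA-256 crypt
        '$1$'*) cdp_flag=-1 ;;      # MD5 crypt
        *) return 2 ;;
    esac
    # Layout is $id$salt$digest; a "rounds=N" field is not handled here.
    cdp_salt=$(printf '%s' "$cdp_hash" | cut -d'$' -f3)
    case $cdp_salt in rounds=*) return 2 ;; esac
    # Re-hash the known default with the stored salt and compare.
    [ "$(openssl passwd "$cdp_flag" -salt "$cdp_salt" "$cdp_pass")" = "$cdp_hash" ]
}

# Constructed sample data: writes a shadow-format file whose root entry
# uses PASSWORD and whose guest entry is locked.
make_sample_shadow() {   # FILE PASSWORD
    printf 'root:%s:18579:0:::::\nguest:!:18579:0:::::\n' \
        "$(openssl passwd -6 -salt ConstructedSalt "$2")" > "$1"
}

# Usage on a live system, as root: check_default_password /etc/shadow
```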