164

When I installed Ubuntu, I set a short password (<4). Now I want to change it to another short password with "passwd", or change the passphrase in the "Password and Keys" program, but it needs a password >4 char.

Lei Ming
  • 1,779
  • 2
    Why do you want to set a short password? That is not safe. Try changing the password from the root account, even if you are forced to do so. – karthick87 Aug 25 '12 at 18:48
  • 43
    @karthick87 because my home computer is not Fort Knox. If strangers are messing with my desktop then I have bigger concerns than my computer. – Torben Gundtofte-Bruun Sep 18 '13 at 18:24
  • 8
    @karthick87 Why a short password? Ubuntu might run as a virtual machine and your virtualization software lacks copy and paste functionality for the command line of Linux guests (like Parallels desktop for Mac 8.0 does miss), then you want to access Ubuntu with a short password, or even better without a password at all. – Pro Backup Feb 12 '14 at 10:08
  • @karthick87 Fixing the parameters of what a password should be like, makes a password easier to guess and therefore less secure. – DustWolf Dec 09 '16 at 13:16
  • 2
    Why short ? My password has 1,4 GB ! - It is fun ! – dschinn1001 May 30 '19 at 15:28
  • My hard drive is encrypted and account passwords do nothing against physical access anyway. Maybe privilege escalation by running software is a valid fear, but I think retry-limits should largely protect against that. – Paul Aug 31 '20 at 19:24

6 Answers

280

Use the following command in Terminal:

sudo passwd <user>

Replace <user> with the username whose password you wish to change.

This works because passwd suppresses all checks for length or entropy when you use it as the root user.

Warning: if the target user has an encrypted home directory, this will cause problems! (see comments below)

user72421
  • 3,601
  • 1
    This does not work. It does not provide the information required. – NlightNFotis Aug 25 '12 at 19:17
  • 44
    It does work. If you are root it will not force you to follow the password strength requirements. – user72421 Aug 25 '12 at 19:56
  • 3
    This works fine for me. I'm able to set a user's password to a using this method, on an Ubuntu 12.04 LTS system. – Eliah Kagan Sep 08 '12 at 01:35
  • 1
    This works for me too and is a much simpler solution. Ubuntu 12.10, Lubuntu 12.04 – Insperatus Jan 07 '13 at 07:38
  • On 12.04 I get the message passwd: user 'username' does not exist. I'm sure I entered user name correctly. – mmj Jun 30 '13 at 08:36
  • 14
    This will cause problems when you have an encrypted home directory, as it breaks the automatic decryption of the ecryptfs passphrase. – guntbert Jan 16 '14 at 22:37
  • 3
    @guntbert is right: Forcing the password this way the user won't be able to login again if his/her home directory is encrypted, so this is not the right solution in these cases. – fuenfundachtzig Aug 28 '14 at 08:55
  • 4
    Be aware that this doesn't update the gnome keyring, which leads to an error like "The password for the gnome keyring is not the same as the login password." – FuePi Sep 23 '15 at 08:21
  • 1
    interestingly enough, when you call passwd with no params, it asks for current password, and then prompts Bad: new password is too simple – phil294 Nov 22 '16 at 16:20
  • 1
    Works on Ubuntu 20.04! (Kinda surprised since it's been 8 years since the answer.) – John Red Nov 20 '20 at 10:43
  • Even though there is an error for palindrome passwords, the change is applied after repeating the password. – KJA Mar 11 '23 at 09:46
  • Does not work in Ubuntu >= 22, as (1) the length is defined in /etc/security/pwquality.conf and (2) the minimum length configurable is 6 - not lower. – FireEmerald Mar 28 '24 at 21:44
44

By default, Ubuntu requires a minimum password length of 6 characters, as well as some basic entropy checks. These values are controlled in the file /etc/pam.d/common-password, which is outlined below.

password        [success=2 default=ignore]      pam_unix.so obscure sha512

If you would like to adjust the minimum length to 4 characters, add the appropriate variable (minlen=4) to the end of the line. The modification is outlined below.

password        [success=2 default=ignore]      pam_unix.so obscure sha512 minlen=4

Source.

NlightNFotis
  • 2,500
  • 1
  • 16
  • 26
30

Bring up a terminal and edit /etc/pam.d/common-password

Change this line:

password    [success=1 default=ignore]  pam_unix.so obscure sha512

to:

password    [success=1 default=ignore]  pam_unix.so obscure sha512 minlen=4

Passwords also need a certain amount of complexity, as specified by the obscure parameter above.

password    [success=1 default=ignore]  pam_unix.so minlen=2 sha512

removes that check also.

This all presupposes that you think this is wise.

See man pam_unix

These work on my system.

John S Gruber
  • 13,336
8

In Ubuntu 18.04 none of the other solutions worked for me. I had to replace both of these lines:

password    requisite                   pam_cracklib.so retry=3 minlen=8 difok=3 dcredit=-1 enforce_for_root lcredit=-1 ocredit=-1 reject_username ucredit=-1
password    [success=1 default=ignore]  pam_unix.so obscure use_authtok try_first_pass sha512

in /etc/pam.d/common-password with:

password    [success=1 default=ignore]  pam_unix.so minlen=2 sha512

These changes let me change my password easily, and after changing the password I restored the file to its original form.
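
An added example, not part of any answer above: a small auditor for the password stack in /etc/pam.d/common-password that flags the relaxations these answers describe (no obscure, a low minlen, no quality module, no enforce_for_root), useful for confirming the file really was restored. The sample lines are constructed from the ones quoted above, and the floor of 8 is an assumed site policy.

```python
import re

# Constructed samples built from the lines quoted in the answers above.
ORIGINAL = """\
password requisite pam_cracklib.so retry=3 minlen=8 difok=3 dcredit=-1 enforce_for_root
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
"""
WEAKENED = "password [success=1 default=ignore] pam_unix.so minlen=2 sha512\n"

# type, control (plain word or [bracketed list]), module, remaining options
RULE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")
QUALITY = {"pam_cracklib.so", "pam_pwquality.so"}

def parse_pam(text):
    """Yield (type, control, module, options) for each rule line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        match = RULE.match(line)
        if not match or line.startswith("@include"):
            continue
        ptype, control, module, rest = match.groups()
        opts = {}
        for token in rest.split():
            key, _, value = token.partition("=")
            opts[key] = value  # flag options such as obscure map to ""
        yield ptype, control, module, opts

def audit_password_stack(text, floor=8):
    """Return findings for settings that relax the password-change policy.

    floor is an assumed site policy, not a value taken from the page."""
    rules = [r for r in parse_pam(text) if r[0] == "password"]
    findings = []
    if not any(module in QUALITY for _, _, module, _ in rules):
        findings.append("no pam_cracklib/pam_pwquality rule")
    for _, _, module, opts in rules:
        if module == "pam_unix.so" and "obscure" not in opts:
            findings.append("pam_unix.so: obscure checks off")
        if module in QUALITY and "enforce_for_root" not in opts:
            findings.append(f"{module}: not enforced for root")
        if opts.get("minlen", "").isdigit() and int(opts["minlen"]) < floor:
            findings.append(f"{module}: minlen={opts['minlen']} below {floor}")
    return findings

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("weakened", WEAKENED)):
        print(name, audit_password_stack(text) or "no findings")
```
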

4

To set up a simple password, I tried the simple sudo passwd username method, but it failed on my Ubuntu Server 12.04 LTS.

So I tried to remove the obscure option from /etc/pam.d/common-passwd config file, but it still failed.

So I also removed the obscure option from /usr/share/pam-configs/unix config file. And then it worked :-)

I do agree that it should be simpler, when acting as su to set up a weak password, whatever the reason why one wants to do it! A warning saying "weak password, confirm?" would be perfect...

Aditya
  • 13,416
user171987
  • 51
  • 1
  • 1
    Narrow minded people have given negative votes on this excellent answer. The reference to "obscure" in /usr/share/pam-configs/unix is very important and relevant to some situations. Just because it doesn't work for you doesn't mean it's not a good answer. Lighten up on the negative votes guys and welcome someone with a viewpoint that's different than yours! You might be better informed at the end of the day. – LMSingh Mar 08 '17 at 03:21
  • 1
    In support of user171987's answer read the page at https://wiki.ubuntu.com/PAMConfigFrameworkSpec#config_file_format . It shows how the PAM configuration works and explains the profiles and their usage. The folder pam-configs holds various configurations and "unix" is just one of them. – LMSingh Mar 08 '17 at 03:30
  • On Ubuntu 18, it looks like it's sufficient to simply remove the 'obscure' option from /etc/pam.d/common-passwd -- there's no need to overly complicate things by also editing /usr/share/pam-configs/unix – Gino Dec 17 '17 at 19:45
  • Worked for me in 20.04 Server, thank you. I removed obscure and added minlen=1, both actions were required. – Violet Giraffe Jun 01 '21 at 19:39
2

This can be done with the PAM pwdfile module.

The way described here changes only the desktop login (lightdm service), but can be applied to other services as well if you wish.

Also, this allows you to have your original strong password for "sudo", while maintaining a fairly easy way to log in to the Ubuntu desktop.

Commands can be issued in the terminal program.

Installing the software

First, we install a software package named libpam-pwdfile:

sudo apt-get install libpam-pwdfile

Creating the user-password file

We will then create the user/password file. You will be prompted to enter a new PIN password. Your password will be encrypted and saved to a file named passwd.like

pinpass=$(mkpasswd -5)
# pam_pwdfile expects lines of the form username:crypted_password
echo "$USER:$pinpass" | sudo tee /etc/passwd.like

Alternatively, you may use: openssl passwd -1 yourpinpasswordhere and create a file named /etc/passwd.like with that password.

Setting up the desktop login service

The next step is to prepare the desktop login service to accept the PIN password before other password procedures. I've mentioned already the name of the desktop login service, lightdm.

Take a look at the file:

cat /etc/pam.d/lightdm

If you don't have this file, then your desktop (login) service is a different one, and you should find your desktop manager before going further. As explained before, this guide is for Ubuntu 16.04 but can be used for other login services as well.

It could be useful if you also create a backup:

sudo cp /etc/pam.d/lightdm /etc/pam.d/lightdm.backup

Now, you may edit the file using nano or gedit or any other text editor:

sudo gedit /etc/pam.d/lightdm

At the top of the file mine had:

#%PAM-1.0
auth    requisite       pam_nologin.so
auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin
@include common-auth

I have modified it like so:

#%PAM-1.0
auth requisite pam_nologin.so
auth sufficient pam_succeed_if.so user ingroup nopasswdlogin
auth required pam_pwdfile.so pwdfile=/etc/passwd.like
auth required pam_permit.so
#@include common-auth

Save the file and close your text editor.

Log out and log back in.

You should be able to use the PIN password you set. By following this guide, the PIN password is only used for the desktop login service, not for the password of sudo commands.

Source: http://blog.radevic.com/2017/11/how-to-set-pin-password-or-short.html
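
An added example, not part of the answer above or the linked post: a check for a pam_pwdfile password file such as /etc/passwd.like that reports group/world-readable permissions, lines not in the username:hash form the module reads, and md5crypt hashes (the $1$ scheme that mkpasswd -5 and openssl passwd -1 produce). The sample entries, the user name alice and the set of schemes treated as weak are constructed assumptions.

```python
import os
import stat
import tempfile

# crypt(3) prefixes; "$1$" is what `mkpasswd -5` and `openssl passwd -1` produce.
SCHEMES = {"$1$": "md5crypt", "$5$": "sha256crypt",
           "$6$": "sha512crypt", "$y$": "yescrypt"}
WEAK = {"md5crypt", "unknown"}  # assumed policy for this example

def audit_pwdfile(path):
    """Return findings about file mode, line format and hash scheme."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"mode {mode:04o}: hashes readable by group/other")
    with open(path) as fh:
        for number, line in enumerate(fh, 1):
            line = line.strip()
            if not line:
                continue
            user, sep, rest = line.partition(":")
            if not sep or not user:
                findings.append(f"line {number}: not in username:hash form")
                continue
            hashed = rest.split(":", 1)[0]  # fields after the hash are ignored
            scheme = next((name for prefix, name in SCHEMES.items()
                           if hashed.startswith(prefix)), "unknown")
            if scheme in WEAK:
                findings.append(f"line {number}: {user} uses {scheme}")
    return findings

def write_sample(content, mode):
    """Write constructed content to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(prefix="passwd.like.")
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    # Constructed entries; the hash bodies are placeholders, not real hashes.
    bare = write_sample("$1$constructed$0000000000000000000000\n", 0o644)
    named = write_sample("alice:$6$constructed$0000000000000000\n", 0o600)
    for path in (bare, named):
        print(path, audit_pwdfile(path) or "no findings")
        os.unlink(path)
```

A file written through sudo tee takes root's umask, so it is worth running the check against the real file after creating it.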