Any reason to have a strong user password?

Question

I recently decided to change my (very) strong user password to something trivial.

This was mostly to eliminate frustration with typing a long password each time I sudo or whatever.

My question is, is there any reason to have a strong user password? considering that most services which I run on my box do not use PAM for auth:

apache2 - uses .htpasswd for access
sshd - only private keys allowed
transmissiond - uses its own http auth
mpd - uses its own auth
samba - limited to LAN

Physical access to the box is out of the question.

Like some other person being able to use OP's box when OP is away from keyboard? Then sticking in a Live USB and then ... — , Feb 14 '13 at 09:33

score 3 · Answer 1 · edited Apr 13 '17 at 12:23

3

The reason to have a password is the reason to have a strong or even a very strong password, one of the reasons being to protect you from unauthorized access.

If you are certain that your PC is absolutely safe that it doesn't need a password, you may want to have a look at these questions:

edited Apr 13 '17 at 12:23

Community

1

answered Feb 25 '13 at 12:09

jobin

27,708

It is much easier to have "123" password than to set different parts of Ubuntu to ask for none. – Barafu Albino Oct 16 '14 at 16:44

score 0 · Answer 2 · answered Dec 16 '21 at 21:05

If you don't run any services (like apache2) then it's not much of an issue.

If you run such services in a Virtualbox or Docker or similar situation, then you are protected (assuming you don't give those boxes access to your own computer without a strong password).

If you directly run one or more services on your main box, then you are at risk. That is, in most cases you are fine, but if the service has a door that would let a hacker penetrate your system, then a strong password may help you against that hacker by not letting them gain root access.

Of course, in many cases, a service hack directly gives root access to the hacker. In that case, whatever the password won't mater one bit. But if they gain access to PHP through your website blog (for example), they may not have much to go by to really hack your whole system. With PHP, they can already access your PHP files, read your database password (if you have it in clear, which is the case in many PHP front ends--I won't cite which ones but yeah...) and then access all the data in that database. That would include your users email address and encrypted passwords. This is an issue even in a Virtualbox or Docker situation, but at least the main computer is 99.999% safe.

Any reason to have a strong user password?

2 Answers2

Linked

Related