1

Assuming that no one else has physical access to my computer, assuming that I don't run any unusual services, do I still need a strong password for my Ubuntu user account (it has admin privileges)?

I've heard that any Ubuntu system connected to the Internet needs a strong password because it may somehow affect not only this particular system, but even other machines with Internet access as well (for example, it would be easier to install spambots on a machine with a weak password). Is this true? How exactly does this happen? Do I also need strong passwords on my VirtualBox test systems?

Thank you

Dexter
  • 167
  • 1
  • 9
  • You don't - see here on how to change it: http://askubuntu.com/questions/113682/how-to-change-disable-password-complexity-test-when-changing-password – Takkat Sep 04 '13 at 06:09
  • @Takkat You might want to expand that into an answer; I'm not sure what other kind of answer could be given. – Eliah Kagan Sep 04 '13 at 06:17
  • I don't know why is everyone asking "Why I need (strong) password". Stop that. Strong password is illogical 6+ character string with at least 1 number and 1 special character. –  Sep 04 '13 at 06:25
  • @ZDroid I'm not sure what you mean by that, or why you're telling people to stop asking questions about this, but these days with fast processing (including GPUs and cloud computing), it's quite easy to crack even a properly salted hash or bcrypt of any 6 character password, and under worst-cast scenarios brute-forcing over a network might even be successful for some passwords meeting your description. – Eliah Kagan Sep 04 '13 at 06:32
  • I know. But brute-forcing isn't simple thing on Linux. OK, don't need to chat about this, I don't love offtopic. :) –  Sep 04 '13 at 06:36
  • 1
    @ZDroid By definition, brute forcing is always the simplest possible way to discover passwords (not necessarily the most efficient, though!). Do you mean it's hard? There's software that makes it quite easy. – Eliah Kagan Sep 04 '13 at 06:37
  • @Takkat I've seen that question before I posted mine. Unfortunately, it doesn't really cover everything I want to know (see details to my question). – Dexter Sep 04 '13 at 07:56
  • In case you need to know a specific detail not covered by the other question I recommend you [edit] your question to make that clear. Try to only ask one single question in a post to get best answers. – Takkat Sep 04 '13 at 08:10
  • @EliahKagan I will never think that's something hard. –  Sep 04 '13 at 16:24

1 Answers1

1

The reasons to have a strong password are multiple. You can use Google in this sense. I will only note that:

  • Choosing a good password will help to keep your computer safe. If your password is easy to guess, someone may figure it out and gain access to your personal information.
  • People could even use computers to systematically try to guess your password, so even one that would be difficult for a human to guess might be extremely easy for a computer program to crack.

Even so, Ubuntu does not force you to use a strong password. By default, Ubuntu requires a minimum password length of 6 characters, but, assuming that no one else has physical access to your computer and assuming that you don't run any unusual services, you can turn off all the password prompts or you can enable auto-login or you can set a short password on Ubuntu.

Regarding the second question, I can say that I find it aberrant. So no, you didn't heard well.

Community
  • 1
Radu Rădeanu
  • 169,590
  • I admit that I didn't form the second question properly. See this thread (posts 5-8) http://ubuntuforums.org/showthread.php?t=1380102&p=9735593#post9735593. It says that the risk of something like, for example, spambots running on a user's OS may be increased if a weak password is used. – Dexter Sep 04 '13 at 09:33
  • @Dexter ...a spambot could easily be running on a system with a perfectly strong password, still affecting others on the internet. So it is not about how strong is the password. – Radu Rădeanu Sep 04 '13 at 09:51