4.2. Setting a Password

If you don't already have a password, we recommend you set one. Just enter the command passwd. The command will prompt you for a password and then ask you to enter it a second time to make sure you enter it without typos.

There are standard guidelines for choosing passwords so that they're hard for other people to guess. Some systems even check your password and reject any that don't meet the minimal criteria. For instance, it is often said that you should have at least six characters in the password. Furthermore, you should mix uppercase and lowercase characters or include characters other than letters and digits.

If you think it is a good idea to pick an ordinary, but rarely used word as your password, think again. There are password attack programs available that come with an English dictionary and just try all words in that dictionary in order to find the correct one so that the account can be compromised. Also, never use the account name for the password. This is sometimes called a "joe," and is likely to be the first thing a password attacker is going to try.

A good trick for choosing a good password is to take a full phrase that you can remember (maybe a line from your favorite song), and then just take the first letters. Then blend in a digit and maybe a special character. For example, if your line is I'd really like to go fishing now, your password could be Irl2gfn!. But do not use exactly this one; the fact that it has been published in this book makes it a bad password. There are even programs available (quite possibly integrated into the graphical user management tools of your distribution) that generate a random password from random characters, but of course these passwords are difficult to remember. If you have to write the password down in order to remember it, it is a bad password as well.
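The guidelines above can be combined into the kind of check a system might run before accepting a new password. The following Python sketch is an added example, not code from this book or from any passwd implementation; the function name, the small word list, and the published-password list are assumptions made for illustration.

```python
"""Added example: check a candidate password against this section's guidelines."""

MIN_LENGTH = 6  # "at least six characters"

# Constructed stand-in for a real dictionary file; a real check would load a
# full word list (its location and contents vary by distribution).
SAMPLE_WORDS = {"fishing", "zephyr", "quixotic", "password"}

# Passwords known to be published, such as the one printed in this section.
PUBLISHED = {"Irl2gfn!"}


def check_password(password, account, words=SAMPLE_WORDS, published=PUBLISHED):
    """Return a list of reasons to reject `password`; empty means acceptable."""
    problems = []

    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)

    # Either mixed case or a character other than a letter or digit.
    mixed_case = (any(c.isupper() for c in password)
                  and any(c.islower() for c in password))
    has_symbol = any(not c.isalnum() for c in password)
    if not (mixed_case or has_symbol):
        problems.append("needs mixed case or a non-alphanumeric character")

    # A "joe": the password is the account name (compared case-insensitively).
    if password.lower() == account.lower():
        problems.append("same as the account name")

    # Dictionary attacks try every word, so capitalization alone does not help.
    if password.lower() in words:
        problems.append("is a dictionary word")

    if password in published:
        problems.append("appears in published material")

    return problems


if __name__ == "__main__":
    # Constructed candidates; the last one is a sample only and is now published too.
    for candidate in ("alice", "Zephyr", "Irl2gfn!", "Wmcb4tsg?"):
        verdict = check_password(candidate, account="alice")
        print(candidate, "->", verdict or "ok")
```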

To change your password, just enter the passwd command again. It prompts you for your old password (to make sure you're you) and then lets you change it.

