The passwd Command

The passwd Command

As covered in the first lesson, it's imperative that you have a set of credentials in order to log in to a Unix system. Credentials consist of a username (usually assigned to you by your Unix system administrator) and a password. Although the password is generally configured by the system administrator, you can change it yourself. More specifically, if your machine is not connected to a network with other Unix computers, then you can use the passwd command to change your password.

There Are Other Ways to Change If you are not on a standalone Unix system and are connected to other systems through a network (which is a way to use wired or wireless connections to allow systems to share resources), there is a way to change your password in what is called the Network Information Service (NIS) database. The yppasswd utility changes network passwords associated with the usernames in the NIS database. Although this concept is pretty far beyond the level of knowledge covered in this book, it's important to mention in case you come across it instead of the passwd command. There are also other syntaxes for the yppasswd command, such as uypasswd for example. Because passwords may be stored on multiple machines, this utility will update your password on all systems on which you may be working. Check your local man pages for more information on using these commands.

To use the passwd command, you must first have the proper privileges to make a change. If you are not a SuperUser (su), passwd will first prompt you for your current password just to make sure you are who you say you are (this is a security measure implemented to protect your credentials), and Unix will not continue unless the correct password is entered.

After you enter your current password, you will be asked for your new password, as shown in the following example:

 >passwd Changing password for rob Old password: ***** New password: ****** Retype new password: ****** Password successfully changed 

Choose a Good Password Choosing a new password should be something that you take seriously so that you can protect access to your Unix system. Your new password should be at least six characters long and not purely alphabetic. You should use numbers as well as upper- and lowercase letters (Unix is case sensitive!) or special signs such as # or @ in your password. Doing so will help keep your password safe. Try to avoid the obvious when choosing your password. For instance, if you have pictures of your cat Fluffy all over your office or cubicle, then a password of "fluffy" is not going to keep your Unix system safe. The name of your favorite baseball team or your children's names are also bad choices for passwords unless you enjoy being a victim. Also, don't just append a 1, then a 2, and so on to your password when you are forced to change it (for example, fluffy1, fluffy2, fluffy3, and so on). Make sure you always use strong passwords and don't let anyone steal them from you; that way, you can ensure that nobody uses your passwords for improper purposes.

The passwords you type are not shown on your display as you type them; this way, if someone is looking over your shoulder, they cannot see what you type, and Unix offers no clues to your would-be attacker. In this example, asterisks (*) are used to indicate that typing has taken place. If the password change is successful, Unix indicates that with a message such as, "Password successfully changed." If not, you will see another message, most likely "Authentication Failure" if you did not supply the correct credentials needed to successfully change your password.

In some cases, Unix can keep you from choosing certain passwords if they are too short or based on words in Unix's built-in dictionary file. If your Unix machine is set up this way and you enter an unacceptable password, the passwd command usually tells you what you need to do to correct it. Choose passwords that mix letters, numbers, and letter cases and that are not based on common words.