-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDefault_Passwords.mw
94 lines (68 loc) · 5.43 KB
/
Default_Passwords.mw
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
{{Header}}
{{Title|
title={{project_name_short}} Default Passwords
}}
{{#seo:
|description=Information about {{project_name_short}} default user and passwords.
|image=Password2781614640.jpg
}}
{{passwords_mininav}}
[[File:Password2781614640.jpg|thumb]]
{{intro|
Information about {{project_name_short}} default user and passwords.
}}
= Introduction =
On this page we discuss default passwords for {{project_name_short}} and offer guidance and answers to common questions.
= Default Passwords for {{project_name_short}} =
== Current Version ==
Starting from build version <code>17.2.0.7</code> and above have these default settings:
{{Default_Passwords}}
Users can [[Post_Install_Advice#Change_Passwords|change or set a password]] for security reasons if this is useful in their case based on this [[Default_Passwords#Information|Information]].
For troubleshooting, refer to [[Post_Install_Advice#Change_Keyboard_Layout|Change Keyboard Layout]] and [[Post_Install_Advice#Test_Keyboard_Layout|Test Keyboard Layout]].
== Old Versions before 17.2.0.7 ==
Build versions older than <code>17.2.0.7</code> had these default settings:
{{mbox
| image = [[File:Ambox_notice.png|40px|alt={{project_name_short}} default admin password is: changeme]]
| text =
* '''Default username:''' {{CodeSelect|code=user}}
* '''Default password:''' {{CodeSelect|code=changeme}}
}}
This was changed in newer versions. See above [[#Current_Version]].
Default passwords in old build versions remain unchanged.
= Information / FAQ =
{{Collapsible
|title='''Definitions to understand topics below'''
|smallTitle=true
|content=
* '''Single-user system:''' A single-user system is defined here as a computer that has only one human user.
* '''Multi-user system:''' A multi-user system is defined here as a shared computer that has different multiple human users.
* '''User account password:''' A password for a Linux user account such as user <code>user</code>. This is used for [[Login]] into [[Desktop#Virtual_Consoles|Virtual Consoles]], graphical login manager (such as LightDM) as well as for administrative ("[[root]]") rights authentication.
* '''Disk encryption password:''' A password required early during the boot process ("pre-boot") to decrypt the hard drive.
}}
'''Importance of setting a user account password:'''
* '''For single-user systems:''' Not important.
* '''For multi-user systems:''' Important.
'''Advantage of setting a user account password:'''
* [[Protection_Against_Physical_Attacks#Login_Screen|Login Screen]] password protection.
* [[Protection_Against_Physical_Attacks#Screen_Lock|Screen Lock]] password protection.
* Administrative ("[[root]]") rights authentication. (But this is a weak protection. See [[Root#Prevent_Malware_from_Sniffing_the_Root_Password|Prevent Malware from Sniffing the Root Password]] for a safer procedure.
'''Unnecessary user account password:'''
* '''SSH''': PAM does not enable <code>PermitEmptyPasswords</code> option by default. Therefore passwordless login using SSH cannot happen. See also: [[SSH]]
'''Protect computer from unauthorized access:'''
* '''FDE:''' It is recommended to use [[Full_Disk_Encryption|Full Disk Encryption (FDE)]]. This will protect all important data on the computer once it has been powered off through encryption and require authentication early during the computer boot process using a disk encryption password. This is a much stronger protection than any user account login password. Note, that FDE requires a very strong password which can resist offline password cracking. See [[Passwords]].
* '''Virtual console:''' See [[Protection_Against_Physical_Attacks#Virtual_Consoles|Virtual Consoles]].
* '''Screen lock:''' See [[Protection_Against_Physical_Attacks#Screen_Lock|Screen Lock]].
* '''BIOS password''': See [[Protection_Against_Physical_Attacks#BIOS_Password|BIOS Password]].
* '''See also: [[Protection_Against_Physical_Attacks|Protection against Physical Attacks]]'''
'''Password strength requirements for user account password:''' If setting a user account password, how strong does it need to be? 22 truly random characters such as for example "<code>zavtf5%/r+B`ZkKQ;g,8}{</code>"? (Obviously, do not use that password because it is publicly known, written on a website.) No, strong passwords for Linux account users are not required. This is because in {{project_name_short}} user accounts are locked after 50 failed login attempts. This is thanks to [[Dev/Strong_Linux_User_Account_Isolation#Online_Password_Cracking_Restrictions|Online Password Cracking Restrictions]].
'''Unlock:''' How to unlock a user account password once the account gets locked? See [[Root#Unlock_User_Account:_Excessive_Wrong_Password_Entry_Attempts|password unlock procedure]].
'''How to safely use sudo/root?''' See the [[root|Safely Use Root Commands]], especially [[Root#Prevent_Malware_from_Sniffing_the_Root_Password|Prevent Malware from Sniffing the Root Password]].
'''Servers''': When using a remote server, setting user account passwords or locking accounts is important to prevent virtual console based logins. See [[Server_Security_Guide#User_Account_Password_Security|Server Security Guide, User Account Password Security]].
'''Technical rationale:''' See [[Dev/Strong_Linux_User_Account_Isolation|Strong Linux User Account Isolation]].
'''Forum discussion:''' [https://forums.whonix.org/t/whonix-default-password-changeme-impact/13115 default password (changeme) impact]
= Related =
* [[Login]]
= Footnotes =
<references />
{{Footer}}
[[Category:Documentation]]