Managing Passwords

Resetting a password is the solution to the perennial “I forgot my password” problem; many Linux administrators think it’s a good idea to “expire” passwords, forcing users to change them periodically.
To reset or change a password use:

# passwd aborg

Users can also change their own passwords:

aborg@server04:~$ passwd

This command sets aborg’s password to expire after six months, with five days’ warning:

# passwd -x 180 -w 5 -i 1 aborg

To view a user’s password settings, use:

# passwd -S option

aborg P 02/18/2004 0 10 5 1

Passwords can consist of numbers, letters, and punctuation marks, and they are case-sensitive. Don’t use spaces or function keys. Strong passwords work best—this means no names, no dictionary words, no birthdays or addresses. The best way to keep track of passwords is write them down and keep them in a safe place. Most people, if they can’t remember all of their passwords, end up choosing weak, easily guessable passwords, or leaving them in obvious, insecure places (such as on a note stuck to the monitor).

Linux passwords are not designed to be recoverable. If a password is lost, the user must depend on the benevolence of the superuser to create a new one.