Book HomeLearning UnixSearch this book

3.6. Changing Your Password

On most Unix systems, everyone knows (or can find) your username. When you log in, how does the system decide that you really own your account and aren't an intruder trying to break in? Unix uses your password. If anyone knows both your username and password, they can use your account--including sending email that looks as if you wrote it.[11] So you should keep your password a secret! Never write it down and leave it anywhere near your terminal.

[11] Unfortunately, it's easy to forge email, without using your computer account at all, so that no one but an expert can tell it was forged.

If you think that someone knows your password, you should probably change it right away--although, if you suspect a computer "cracker" (or "hacker") is using your account to break into your system, ask your system administrator for advice first, if possible! You should also change your password periodically; every few months is recommended.

A password should be easy for you to remember but hard for other people (or password-guessing programs!) to guess. Your system should have guidelines for secure passwords. If it doesn't, here are some suggestions. A password should be between six and eight characters long. It should not be a word in any language, your phone number, your address, or anything anyone else might know or guess that you'd use as a password. It's best to mix upper- and lowercase letters, punctuation, and numbers.

To change your password, you'll probably use either the passwd or yppasswd program from a shell prompt. After you enter the command, it prompts you to enter your password ("old password"). If the password is correct, it asks you to enter your new password--twice, to be sure there is no typing mistake. For security, neither the old nor new passwords appear as you type them.

On some systems, your password change won't take effect for some time. The change may require between a few minutes to a day.



Library Navigation Links

Copyright © 2003 O'Reilly & Associates. All rights reserved.