How to Change a Password in Linux for Root and Other Users

When it comes to securing any system, including Linux, the first line of defence is a password. While passwordless SSH is a safe alternative, we still recommend that you use a password to secure your VPS.

Changing the user password in Linux on a regular basis helps to reinforce security and makes the system more difficult to breach.

This article will show you how to change the password on your server using bash Linux commands, as well as some advice on how to create a strong password.

How to Change a User Password in Linux

The first step is accessing your VPS using SSH. If you need more information, we have a complete guide on connecting to your VPS using the PuTTY SSH client. Alternatively, connect to SSH via our browser-based terminal:

The VPS information page on hPanel. The Browser terminal window is highlighted
  1. Once you’re in the command line for Linux, change password using this command:
passwd
  1. If you’re logged in not as a root user, you will need to enter your current password.
  2. After that, it will prompt you to enter the new password in the command line twice.
  3. Your password has been changed, you should see this message confirming it:
passwd: password updated successfully 

Important! If you’re logged in as a root user and don’t specify a user account, you’ll be changing the root password. Proceed with caution.

How to Change Passwords for Other Users in Linux

The bash passwd command can also change the password of another user account in the system. To do so, follow the steps above:

  1. Log in as the root user and use the passwd command followed by the user’s name.
passwd [username]

For example, if you want to change the password of a user named edward, the command will look like this:

passwd edward
  1. Next, the terminal will prompt the same request to enter the new password in the command line twice.
Enter new UNIX password:
Retype new UNIX password:
  1. Once you have updated the other user password by using the passwd command, the following output will appear:
passwd: password updated successfully

How to Change Linux User Password Without the Old One

In some cases, you need to reset the password of a regular user who forgot their password.

The easiest way to do that is to log in as a root or sudo user, as you can use the passwd [username] command to change the user password easily.

Remember that non-root sudo users will have to use the sudo passwd command instead. Plus, they will have to enter their passwords to proceed with the command.

However, the command may require the user’s forgotten password if the system uses the LDAP authentication.

For example, you want to change the old password of a regular user named edward. When you enter the sudo passwd edward command on the terminal, you’ll have to enter the user password for edward.

To solve this problem, you can copy another user’s encrypted password within the /etc/shadow file. Use this command to open the file using the Nano text editor:

nano /etc/shadow

Look for the user whose password you want to change. The encrypted password is the string of characters after the user name, between the two colons (:).

Encrypted password in the Linux /etc/shadow/file.

Find another user whose password you know. For example, you know the password for the user leon, so you can use it as a temporary password for edward. Copy the encrypted password string and use that to replace edward’s old password.

Now that the user edward has the same password as user leon, use the passwd command to set a new one:

sudo passwd edward

Enter the temporary password, and the terminal will prompt you to set a new password for edward.

Passwords and Linux

Password management in Linux involves two important files. The first is /etc/passwd, which contains all the users’ information, including the encrypted password, group ID, and home directory.

Use the cat command to see the content of /etc/passwd:

cat /etc/passwd

This file is also helpful for listing all Linux users and their details. However, it will only show their passwords as X due to security.

The second Linux file strongly related to passwords is /etc/shadow. In the shadow file, you will be able to see the encrypted user passwords, SSH key ownership, and other related information such as the last password change and password expiration date.

Use the following command to see the content of /etc/shadow:

cat /etc/shadow

The last password change and password expiration date show which users haven’t updated their passwords recently and when they need to change them.

How to Make a Secure Password for Linux

Creating a strong user password helps prevent unauthorized users from logging in to your VPS account. A strong password must be unique, long, and contain no personal information.

Having a unique password means using it exclusively for one user account. For example, your VPS password should be different from the user password for your bank account.

If you reuse the same user password for multiple accounts, it only takes one compromised account for unauthorized users to log in to other accounts. Thus, you face higher risks of losing sensitive information and suffering financial losses.

Pro Tip

Use a password manager like 1Password or LastPass to store your unique passwords safely.

In addition, create a longer user password. Ideally, it should have more than 12 characters to make it harder to crack.

You can also try using a passphrase instead of creating a password. The passphrase should contain several words to make it long enough while still easy to remember, like CloudHostingIsBestForUptime.

When creating a passphrase like this, avoid using common sentences and song lyrics, as they are easy to guess. Lastly, avoid using personal information in your passwords, such as your name, initials, birthday, and hometown.

Use special symbols and numbers instead of well-known letters. For example, 41@bAm@! = Alabama! – easy to recall, harder to crack. Another idea is to use a pattern on the keyboard instead of actual words.

However, avoid common patterns like qpzmwoxn. Mixing these two methods will give you an even stronger password.

Change your password immediately if you experience a security breach or think that your account has been compromised.

Expert Tip

One key thing to remember is that even though the complexity of a password is important, the password’s length will always outweigh its complexity.

Editor

Dominykas V.

Cyber Security Specialist

How to Set a Routine Password Change

One of the best ways to reinforce your security is to change passwords in Linux often. Unfortunately, some may overlook this and use the same password for a long time.

If you are the administrator of your Linux server, you can force other users to change their passwords. To do so, use the commands – chage and passwd with the --expire option.

Using the chage Command

The chage command changes the last password change date, password expiration date, and the limit of days between password changes.

There are several options you can use with the chage command. First, use the -l option to see the account information:

chage -l username

The output will display information like last password change, password expiration date, and the maximum number of days between password change. It should look like this:

Output of the chage -l command in Linux terminal.

You can make users change their passwords regularly by changing the maximum number of days between password changes. To do so, use the -M option in the following syntax:

chage -M [number of days] [username]

For example, when you want to change the interval to 90 days for the user edward, use this command:

chage -M 90 edward

Once the user logs in 90 days after the last password change, they will have to change the password.

Important! Make sure to use an uppercase M, as a lowercase m will change the minimum number of days between password changes.

Using the passwd –expire Command

The next method to force other users to change their passwords is the passwd command using the --expire option. It will immediately expire the user’s password and force them to create a new one when they log in.

Use the following command:

passwd --expire [username]

The user will see this prompt on their next login:

Prompt for a password change in the Linux login process.

The user must enter their current password and then create a new one to continue.

Conclusion

Passwords are crucial to protect your VPS and enhance its security. Changing passwords frequently makes your server security more robust and minimizes the risk of unauthorized access.

The Linux password change process is quite straightforward, as you have to run a simple command and enter the new password. Also, these methods work on any Linux distribution.

If you have multiple users in the system, encourage them to change their password frequently by setting the maximum time a password is valid.

Author
The author

Edward S.

Edward is a content editor with years of experience in IT writing, marketing, and Linux system administration. His goal is to encourage readers to establish an impactful online presence. He also really loves dogs, guitars, and everything related to space.

Author
The Co-author

Leonardus Nugraha

Leo is a Content Specialist and WordPress contributor. Armed with his experience as a WordPress Release Co-Lead and Documentation Team Representative, he loves sharing his knowledge to help people build successful websites. Follow him on LinkedIn.