Jun 07, 2023
Edward S. & Leonardus N.
How to Change a Password in Linux: Root and Other Users
A password is the first line of defense when securing any system, including Linux. While passwordless SSH is a reliable alternative, we still recommend using a password to secure your VPS.
Changing the user password in Linux frequently helps reinforce security and makes the system harder to breach.
This article will show you how to change the password on your server using bash Linux commands and provide some tips on creating a strong one.
How to Change Your User Password
The first step is accessing your VPS using SSH. If you need more information, we have a complete guide on connecting to your VPS using the PuTTY SSH client. Alternatively, connect to SSH via our browser-based terminal:
- Once you’re at the Linux command line, change your password by running the passwd command.
- If you’re not logged in as the root user, you will need to enter your current password.
- After that, it will prompt you to enter the new password in the command line twice.
- Once your password has been changed, you should see this confirmation message:
passwd: password updated successfully
Important! If you’re logged in as a root user and don’t specify a user account, you’ll be changing the root password. Proceed with caution.
How to Change Passwords for Other Users
The passwd command can also change the password of another user account in the system. To do so, follow these steps:
- Log in as the root user and use the passwd command followed by the user’s name.
For example, if you want to change the password of a user named edward, the command will look like this:
passwd edward
- Next, the terminal will prompt you to enter the new password twice:
Enter new UNIX password:
Retype new UNIX password:
- Once you have updated the other user’s password by using the passwd command, the following output will appear:
passwd: password updated successfully
How to Change User Password Without the Old One
In some cases, you need to reset the password of a regular user who forgot their password.
The easiest way to do that is to log in as a root or sudo user, as you can use the passwd command to change the user password easily.
Remember that non-root sudo users will have to use the sudo passwd command instead. Plus, they will have to enter their passwords to proceed with the command.
However, the command may require the user’s forgotten password if the system uses LDAP authentication.
For example, you want to change the old password of a regular user named edward. When you enter the passwd command on the terminal, you’ll have to enter the user password for edward.
sudo passwd edward
To solve this problem, you can copy another user’s encrypted password within the /etc/shadow file. Use this command to open the file using the Nano text editor:
Look for the user whose password you want to change. The encrypted password is the string of characters after the user name, between the two colons (:).
Find another user whose password you know. For example, you know the password for the user leon, so you can use it as a temporary password for edward. Copy the encrypted password string and use that to replace edward’s old password.
Now that the user edward has the same password as user leon, use the passwd command to set a new one:
sudo passwd edward
Enter the temporary password, and the terminal will prompt you to set a new password for edward.
Passwords and Linux
Password management in Linux involves two important files. The first is /etc/passwd, which contains all the users’ information, including the encrypted password, group ID, and home directory.
Use the following command to see the content of /etc/passwd:
The second Linux file strongly related to passwords is /etc/shadow. In the shadow file, you will be able to see the encrypted user passwords, SSH key ownership, and other related information such as the last password change and password expiration date.
Use the following command to see the content of /etc/shadow:
The last password change and password expiration date show which users haven’t updated their passwords recently and when they need to change them.
How to Create a Strong Password
Creating a strong user password helps prevent unauthorized users from logging in to your VPS account. A strong password must be unique, long, and contain no personal information.
Having a unique password means using it exclusively for one user account. For example, your VPS password should be different from the user password for your bank account.
If you reuse the same user password for multiple accounts, it only takes one compromised account for unauthorized users to log in to other accounts. Thus, you face higher risks of losing sensitive information and suffering financial losses.
Use a password manager like 1Password or LastPass to store your unique passwords safely.
In addition, create a longer user password. Ideally, it should have more than 12 characters to make it harder to crack.
You can also try using a passphrase instead of creating a password. The passphrase should contain several words to make it long enough while still easy to remember, like CloudHostingIsBestForUptime.
When creating a passphrase like this, avoid using common sentences and song lyrics, as they are easy to guess. Lastly, avoid using personal information in your passwords, such as your name, initials, birthday, and hometown.
Use special symbols and numbers instead of well-known letters. For example, 41@bAm@! = Alabama! – easy to recall, harder to crack. Another idea is to use a pattern on the keyboard instead of actual words.
However, avoid common patterns like qpzmwoxn. Mixing these two methods will give you an even stronger password.
Change your password immediately if you experience a security breach or think that your account has been compromised.
One key thing to remember is that even though the complexity of a password is important, the password’s length will always outweigh its complexity.
Bonus: How to Set a Routine Password Change
One of the best ways to reinforce your security is to change passwords in Linux often. Unfortunately, some may overlook this and use the same password for a long time.
If you are the administrator of your Linux server, you can force other users to change their passwords. To do so, use the chage command or the passwd --expire command.
Using the chage Command
The chage command changes the last password change date, password expiration date, and the limit of days between password changes.
There are several options you can use with the chage command. First, use the -l option to see the account information:
chage -l username
The output will display information like last password change, password expiration date, and the maximum number of days between password change. It should look like this:
You can make users change their passwords regularly by changing the maximum number of days between password changes. To do so, use the -M option in the following syntax:
chage -M [number of days] [username]
For example, when you want to change the interval to 90 days for the user edward, use this command:
chage -M 90 edward
Once the user logs in 90 days after the last password change, they will have to change the password.
Important! Make sure to use an uppercase M, as a lowercase m will change the minimum number of days between password changes.
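The aging values that chage reads and writes are stored per user in /etc/shadow as colon-separated fields (name, hash, last change, minimum, maximum, warning, inactive, expire), with the last change counted in days since 1970-01-01. The script below is an added example, not part of the original article: it audits those fields on constructed sample lines and prints, without running it, the chage -M command for every account that has no 90-day limit. The function names, the sample accounts and the fixed "today" value are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit password aging from shadow(5)-format lines.
# Fields: name:hash:lastchg:min:max:warn:inactive:expire:reserved
# lastchg is counted in days since 1970-01-01.

POLICY_MAX_DAYS=90   # assumption: the interval from the chage -M 90 example

# Constructed sample data; the hashes are placeholders, not real ones.
SAMPLE_SHADOW='root:$6$constructed$hashA:19400:0:99999:7:::
edward:$6$constructed$hashB:19300:0:90:7:::
leon:$6$constructed$hashC:19480:0:90:7:::
daemon:*:19000:0:99999:7:::
newuser:$6$constructed$hashD:0:0:90:7:::'

# audit_shadow TODAY_IN_DAYS   (reads shadow-format lines on stdin)
# Prints "user age_days max_days status" for accounts with a usable password.
audit_shadow() {
    awk -F: -v today="$1" -v policy="$POLICY_MAX_DAYS" '
        # Skip locked ("*", "!") and empty-hash entries: no password to age.
        $2 == "" || $2 ~ /^[!*]/ { next }
        {
            age = "-"
            max = ($5 == "" ? "-" : $5)
            if ($3 == "")            status = "AGING_DISABLED"
            else if ($3 + 0 == 0)    status = "MUST_CHANGE_AT_LOGIN"
            else {
                age = today - $3
                if ($5 == "" || $5 + 0 > policy + 0) status = "NO_POLICY"
                else if (age > $5 + 0)               status = "EXPIRED"
                else                                 status = "OK"
            }
            printf "%s %s %s %s\n", $1, age, max, status
        }'
}

# Print, but do not run, the chage command for accounts without a limit.
suggest_chage() {
    audit_shadow "$1" | awk -v policy="$POLICY_MAX_DAYS" \
        '$4 == "NO_POLICY" { printf "chage -M %s %s\n", policy, $1 }'
}

# Demo on the sample, with day 19515 (2023-06-07) standing in for today.
printf '%s\n' "$SAMPLE_SHADOW" | audit_shadow 19515
printf '%s\n' "$SAMPLE_SHADOW" | suggest_chage 19515
```

In the sample, edward already has a 90-day maximum but last changed his password 215 days earlier, so the account is reported as EXPIRED: the maximum is counted from the last change date, not from the day chage -M is run. On a live system, feed the function the real file as root and pass the current day count, for example $(( $(date +%s) / 86400 )).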
Using the passwd --expire Command
The next method to force other users to change their passwords is the passwd command using the --expire option. It will immediately expire the user’s password and force them to create a new one when they log in.
Use the following command:
passwd --expire [username]
The user will see this prompt on their next login:
The user must enter their current password and then create a new one to continue.
Passwords are crucial to protect your VPS and enhance its security. Changing passwords frequently makes your server security more robust and minimizes the risk of unauthorized access.
The Linux password change process is quite straightforward, as you just have to run a simple command and enter the new password. Also, these methods work on any Linux distribution.
If you have multiple users in the system, encourage them to change their password frequently by setting the maximum time a password is valid.