Changing the password

**NOTE: This page applies to mLinux 4.0 or higher.**

When the device is ready to be deployed, good security practices require that the default password be changed.  The password requirements in mLinux 4 are configured in: /etc/security/pwquality.conf

If the password is changed by root, then only advice is given on the choice of a new password.  The rules are not enforced. The default is a password scoring mechanism.

There are four recognized types of characters:

  • upper case
  • lower case
  • numeric
  • special

The more types of characters used, the fewer characters are required.  With all four character types, only six characters are required by default. The maximum number of repeated characters is set to two.

A few other rules include that you:

  • Cannot repeat six of the characters in the old password when choosing a new password.
  • Are not allowed to base a password on a single dictionary word.
  • Are not allowed to use the username as the password.
  • Must choose from at least three types of characters.
  • Can use a phrase or sentence.

In /etc/security/pwquality.conf, the minlen (minimum length) value is set to 10, but this value is really a score.
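The sketch below models the score so that candidate passwords, including the examples on this page, can be checked by hand. It is an added example, not mLinux or libpwquality code. It assumes each character type present earns one credit against the minlen score (which matches the six-character figure above), treats the repeated-character limit as a limit on consecutive identical characters, and leaves out the dictionary, username and old-password similarity checks.

```python
import string

MINLEN_SCORE = 10      # minlen value stated on this page
MIN_CLASSES = 3        # "at least three types of characters" (this page)
MAX_REPEAT = 2         # repeated-character limit stated on this page
CREDIT_PER_CLASS = 1   # assumption: one credit per character type used

def classes_used(password):
    """Return the set of character types present in the password."""
    used = set()
    for ch in password:
        if ch in string.ascii_uppercase:
            used.add("upper")
        elif ch in string.ascii_lowercase:
            used.add("lower")
        elif ch in string.digits:
            used.add("numeric")
        else:
            used.add("special")  # spaces, punctuation and anything else
    return used

def longest_run(password):
    """Length of the longest run of one character repeated back to back."""
    best = run = 0
    prev = None
    for ch in password:
        run = run + 1 if ch == prev else 1
        best = max(best, run)
        prev = ch
    return best

def check(password):
    """Return (ok, reason) under this simplified scoring model."""
    used = classes_used(password)
    required = MINLEN_SCORE - CREDIT_PER_CLASS * len(used)
    if len(used) < MIN_CLASSES:
        return False, "fewer than %d character types" % MIN_CLASSES
    if longest_run(password) > MAX_REPEAT:
        return False, "a character repeats more than %d times in a row" % MAX_REPEAT
    if len(password) < required:
        return False, "needs %d characters, has %d" % (required, len(password))
    return True, "score met"

if __name__ == "__main__":
    # Example passwords from this page plus constructed edge cases.
    for pw in ("I'm fine.", "I'm fin", "It's me", "Ab1!xy", "Ab1!x", "password"):
        print(repr(pw), check(pw))
```
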

Allowable Examples

An example of a phrase or sentence allowed is:

I'm fine.

The above would pass the check (provided it is not too close to the previous password).

The following would also pass the check (but again, if the previous example were the current password, it would fail for being too similar to the old password):

I'm fin

A shorter version that would also work:

It's me

As with the earlier example, if the old password is I'm fin, the new password It's me would fail due to similarity:

mtcdt:~$ passwd mtadm
Changing password for mtadm.
Current password: 
New password: 
BAD PASSWORD: The password is too similar to the old one
New password:

Changing the password of any user on the system:

mtcdt:~$ sudo passwd mtadm
New password: BAD PASSWORD: The password is too similar to the old one
New password: mtadm

Note that the BAD PASSWORD message is not enforced if you are running as root.