Jan Krapivin <daydreamer199...@gmail.com> wrote on 19/03/2024 at 15:42:55+0100:
> I read Debian Administrator's handbook now. And there are such words:
>
> The root user's password should be long (12 characters or more) and
> impossible to guess. Indeed, any computer (and a fortiori any server)
> connected to the Internet is regularly targeted by automated
> connection attempts with the most obvious passwords. Sometimes it
> may even be subject to dictionary attacks, in which many combinations
> of words and numbers are tested as password. Avoid using the names
> of children or parents, dates of birth, etc.: many of your co-workers
> might know them, and you rarely want to give them free access to the
> computer in question.
>
> The thing is my password is very easy now, and I haven't thought about
> "automated connection attempts", that sounds rather... scary? My
> password is easy because I am not afraid of direct physical access to
> the computer.
>
> But... if there is a serious network danger, then I should change my
> password of course. But how strong should it be? If we speak about
> network attacks...

Any machine accessible through a network connection is more exposed
when a user password is overly simple. This is even more true for root,
as it's a well-known username (no need to guess the username) and it
has inherent full privileges in classic GNU/Linux distros.

> it should be like 32 symbols with special symbols? Or this paragraph
> in a handbook is rather paranoid?

It's not paranoid.

> I have activated sudo now for my regular user. Can it (password of
> regular user) be less sophisticated than root password? Because it
> would be rather difficult to enter 32 symbols every time I wake my PC
> after suspend.

Have a read at https://xkcd.com/936/

Password strength increases far more with length than with complexity.
A phrase you will easily remember, but that would be hardcore to guess
through social engineering, is perfect.

If you're as weird as I am, and used to remembering 20+-character-long
random passwords with symbols yadda yadda, then that's fine, too.

Also, you could invest in a security token and configure pam_u2f for
root, but it seems overkill for basic users.

-- 
PEB
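As an added illustration, not part of the thread, a small Python script that puts numbers on the length-versus-complexity point: it compares the entropy of the password schemes mentioned above (12 characters, 32 symbols, a word-based phrase) and generates a passphrase from a constructed word list. The alphabet sizes, the 7776-word diceware list size and the guess rates are assumptions.

```python
import math
import secrets

# Constructed word list for illustration only; a real diceware list has
# 7776 entries, and that size is what the entropy figures below assume.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple", "debian",
                "kernel", "suspend", "router", "handbook", "sudo"]
DICEWARE_LIST_SIZE = 7776


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in `length` symbols chosen uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years needed to try the whole space at a fixed guess rate."""
    return 2.0 ** bits / guesses_per_second / (365 * 24 * 3600)


def compare_schemes() -> dict:
    """Entropy of the schemes discussed in the thread, in bits.

    Assumed alphabets: 62 for letters+digits, 95 for printable ASCII,
    7776 for a diceware word list.
    """
    return {
        "12 chars, letters+digits": entropy_bits(62, 12),
        "32 chars, printable ASCII": entropy_bits(95, 32),
        "4 diceware words": entropy_bits(DICEWARE_LIST_SIZE, 4),
        "6 diceware words": entropy_bits(DICEWARE_LIST_SIZE, 6),
    }


def make_passphrase(words, n_words: int, sep: str = " ") -> str:
    """Pick words with the OS CSPRNG (secrets), not random.choice."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    # Assumed guess rates: ~10/s for online SSH guessing limited by the
    # network, ~1e10/s for offline cracking of a fast hash on a GPU rig.
    for name, bits in compare_schemes().items():
        print(f"{name:28s} {bits:6.1f} bits  "
              f"online: {years_to_exhaust(bits, 10):.2e} y  "
              f"offline: {years_to_exhaust(bits, 1e10):.2e} y")
    print("example passphrase:", make_passphrase(SAMPLE_WORDS, 6))
```

The table shows that six words from a 7776-word list already beat the handbook's 12 random alphanumerics, while four words fall short of it, so word count is what to tune.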