Forgotten Passwords

From Info Wiki
Revision as of 22:52, 12 September 2016 by Rpeters (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

User Passwords

User passwords can be reset as follows:

  1. log in as "root"
  2. switch to user account, eg for user "fred"
  3. # su fred
  4. execute password command to change password for user "fred"
  5. $ passwd
  6. logout from root account
  7. $ exit
  8. # exit
  9. $

Root Password

Root password can be reset only via booting another Linux on the same computer - either:

  • another installed Linux
  • a utility USB/CD booted on the computer - these generally run from the root account
  1. mount the partition containing the root filesystem of the installation for which password reset is required - eg for /dev/sda10
  2. # mount /dev/sda10 /mnt
  3. change to the mounted partition
  4. # chroot /mnt
  5. execute password command to change password for user "fred"
  6. $ passwd
  7. return to booted environment
  8. # exit
  9. safely unmount installed system
  10. # umount /mnt
  11. if running from installed OS, then logout from root account

Physical Security

It will be seen from the above that any password could be changed on a computer to which physical access is obtained. Any unencrypted data could then be retrieved from such computer. It is therefore essential to:

  • prevent unwanted physical access to working computers
  • securely erase SSD/HDD storage on computers sent for disposal
  • physically destroy or securely erase unwanted removable media such as floppies, USB, SD, CD/DVD
Retrieved from "http://pcug.org.au/info/index.php?title=Forgotten_Passwords&oldid=1634"