Changing a Password
Carole Williams, carole@redhat.com

Good passwords are an essential part of system security.
______________________________________________________________________

Table of Contents

1. What is a Good Password?

2. Changing a Password
______________________________________________________________________

1. What is a Good Password?

A good password is difficult to crack or guess. A password must be at least six characters long. (Note that you can increase the required length and set other parameters for users' passwords on the Users Accounts--Password & Account Policies screen.)

If you've chosen a good password, the longer it is, the more difficult it is to crack. Only the first eight characters are meaningful unless your system uses MD5 passwords. If MD5 passwords are enabled, your system will accept passwords that are longer than eight characters.

Good passwords contain a combination of letters, numbers, and special characters. A good password should use both upper case and lower case letters. Don't use your username, your anniversary, your social security number, your dog's name, your middle name or the word root. Don't use any variation of a word associated with your account. Don't use a word that can be found in a dictionary; dictionary words are easy to crack.

A simple technique for creating a password is to use the first letters from each word of a phrase that is familiar to you (a line from a favorite song might be appropriate). Insert a few numbers and/or special characters in place of letters and you'll have a decent password.

2. Changing a Password

First you'll need to type in the new password. Your system may run some simple tests on the password. If it tests the password and determines that the password may be easy to crack, you'll get a message stating that the system thinks it is a bad password. If the system disapproves, you shouldn't use that password.

You'll need to type in the password twice, to make sure that you didn't accidentally include any typos when you typed it in the first time. When you type in your password, linuxconf won't display your password on the screen (you'll see a line of asterisks instead). This precaution is necessary to prevent someone standing behind you from seeing your password.
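
The kind of simple tests a system might run on a new password, applied to the rules from section 1. This is an added example, not linuxconf's own code and not part of the original page. The function names, the sample word list and the substitution table are assumptions made for illustration; when MD5 passwords are off, only the first eight characters are judged.

```python
import re

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "root", "sunshine", "dragon", "letmein"}
MIN_LENGTH = 6        # minimum length given on this page
SIGNIFICANT = 8       # characters that count when MD5 passwords are not enabled
LEET = str.maketrans("013457@$!", "oieastasi")  # assumed common substitutions
CLASSES = [("lower case letter", r"[a-z]"), ("upper case letter", r"[A-Z]"),
           ("number", r"[0-9]"), ("special character", r"[^a-zA-Z0-9]")]


def variants(text):
    """Letter-only forms of text: plain, substitutions undone, and reversed."""
    low = text.lower()
    plain = re.sub(r"[^a-z]", "", low)                   # dragon99 -> dragon
    unleet = re.sub(r"[^a-z]", "", low.translate(LEET))  # p4ssw0rd -> password
    return {plain, unleet, plain[::-1], unleet[::-1]}


def check_password(password, username, account_words=(), md5_enabled=False):
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    # Without MD5 only the first eight characters are meaningful: judge those.
    effective = password if md5_enabled else password[:SIGNIFICANT]
    if len(effective) < len(password):
        problems.append("characters after the eighth are ignored")
    if len(effective) < MIN_LENGTH:
        problems.append("shorter than six characters")
    for name, pattern in CLASSES:
        if not re.search(pattern, effective):
            problems.append("no " + name)
    forms = variants(effective)
    for word in sorted({username, "root", *account_words}):
        w = re.sub(r"[^a-z]", "", word.lower())
        if w and any(w in form for form in forms):
            problems.append("variation of account word: " + word)
    if forms & SAMPLE_WORDS:
        problems.append("dictionary word")
    return problems


if __name__ == "__main__":
    for pw in ("root", "Carole99!", "P4ssw0rd!Zx9", "Tq8f!oLd"):
        print(pw, "->", check_password(pw, "carole") or "ok")
```

The third sample looks long and mixed, but without MD5 it is judged as its first eight characters, which are a substituted dictionary word.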