Bug#1064617: Passwords should not be changed frequently



Hi,

Holger Wansing <hwansing@mailbox.org> wrote (Mon, 04 Mar 2024 10:43:59 +0100):
> Hi,
> 
> > On 4 March 2024 06:17:31 CET, Philip Hands <phil@hands.com> wrote:
> >I found that there were some phrases that I was avoiding for various
> >reasons, a couple of which I see you've used, so I'll say why I was avoiding
> >them and see if I have a persuasive argument for doing so.
> >
> >"allow/deny login/access as root":
> >
> >  The problem here is that not having a password for root only prevents
> >  one from getting direct access to root by using a password. Indirect
> >  access is still available via sudo, and direct access is still
> >  available via key based ssh.  I was also avoiding saying things like
> >  "disable the root account" for the same reason.
> >
> >  This is why I ended up with the phrasing:
> >
> >     direct password-based logins to 'root'.
> 
> Ok, seems fair. I would change to that then.
> 
> >
> >"using the 'sudo' command":
> >
> >  This I was avoiding because it might give the impression that one MUST
> >  use sudo, whereas most people will actually get their root access via a
> >  GUI prompting them for their own password (because it's checked that
> >  they're in the sudo group) when doing things like unlocking their
> >  network or printer settings. I thought it was worth mentioning the
> >  'sudo' group explicitly because that gives something to search for if
> >  they want to find out more, but telling people they need to use the
> >  sudo command seemed like a step too far.
> 
> Correct so far. Maybe a bit more technical and therefore probably
> not the easiest choice for newbies, but I have no problem using that.
> 
> >Regarding the password advice, I ended up concluding that it's pretty
> >unlikely that anything we say at this point will have any effect on
> >people's behaviour, but then I'm probably just an old cynic. Also, I
> >failed when trying to come up with a wording which I was happy with,
> >which is why I ended up discarding the advice entirely.
> >
> >If we want to keep the password advice in then I think what you wrote is
> >(mostly) OK, although I think it implies that one should be choosing a
> >single "password" (although, not a word in any normal sense), which
> >could be argued to steer people away from the perfectly decent xkcd
> >approach of using several dictionary words. Saying "Password or
> >Passphrase" at least once would probably address that.
> 
> Ok, makes it a bit longer, but it could be worth it.
> 
> I will prepare a new patch with above.

Updated patch attached.

Holger


-- 
Holger Wansing <hwansing@mailbox.org>
PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076
diff --git a/debian/user-setup-udeb.templates b/debian/user-setup-udeb.templates
index cdb6d78..437b9d7 100644
--- a/debian/user-setup-udeb.templates
+++ b/debian/user-setup-udeb.templates
@@ -33,22 +33,21 @@ _Description: Allow login as root?
 Template: passwd/root-password
 Type: password
 # :sl1:
-_Description: Root password:
- You need to set a password for 'root', the system administrative
- account. A malicious or unqualified user with root access can have
- disastrous results, so you should take care to choose a root password
- that is not easy to guess. It should not be a word found in dictionaries,
- or a word that could be easily associated with you.
+_Description: Root password/passphrase:
+ If you want to allow direct password-based login as root, you need to set a
+ password for 'root', the system administrative account now.
+ A malicious or unqualified user with root access can have
+ disastrous results, so you should take care to choose a root
+ password/passphrase that cannot be guessed. It should not be a word found in
+ dictionaries, or something that could be easily associated with you.
  .
- A good password will contain a mixture of letters, numbers and punctuation
- and should be changed at regular intervals.
+ You can also leave the password for root empty here, to disable the root
+ account; the system's initial user account (which will be set up in the next
+ step) will then be given the power to become root via 'sudo' (by adding it to
+ the 'sudo' group).
  .
- The root user should not have an empty password. If you leave this
- empty, the root account will be disabled and the system's initial user
- account will be given the power to become root using the "sudo"
- command.
- .
- Note that you will not be able to see the password as you type it.
+ Note that you will not be able to see the password as you type it (except if
+ you choose to show it in clear text).
 
 Template: passwd/root-password-again
 Type: password
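
Review bot: the second paragraph still says that leaving the root password empty will "disable the root account", which is exactly the wording the discussion above wanted to avoid, since sudo and key-based ssh still give root access when the root password is unset; "to prevent direct password-based logins as root" would match the first paragraph's "allow direct password-based login as root" and describe what the empty password actually does. Minor style point in the first paragraph: the trailing "now" in "you need to set a password for 'root', the system administrative account now." reads oddly; "you need to set one now for 'root', the system administrative account" keeps the same meaning with the adverb next to the verb.
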
@@ -109,9 +108,8 @@ _Description: Reserved username
 Template: passwd/user-password
 Type: password
 # :sl1:
-_Description: Choose a password for the new user:
- A good password will contain a mixture of letters, numbers and punctuation
- and should be changed at regular intervals.
+_Description: Choose a password/passphrase for the new user:
+ Make sure to select a strong password/passphrase, that cannot be guessed.
 
 Template: passwd/user-password-again
 Type: password
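
Review bot: the comma in "a strong password/passphrase, that cannot be guessed." should be dropped, because "that cannot be guessed" is a restrictive clause. Also, the new-user prompt now gives no hint of what "strong" means, while the root prompt in the previous hunk keeps "It should not be a word found in dictionaries, or something that could be easily associated with you."; reusing that sentence here would keep the two prompts consistent. Removing "should be changed at regular intervals" from both templates is the right fix for the bug as titled.
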