Re: Root password strength

To: debian-user@lists.debian.org
Subject: Re: Root password strength
From: Joe <joe@jretrading.com>
Date: Fri, 22 Mar 2024 10:56:40 +0000
Message-id: <[🔎] 20240322105640.1c998d08@jrenewsid.jretrading.com>
In-reply-to: <[🔎] CAJt2aJWJjGDxt+4BSB7PYfUaypLMBg_1RUpjC0uFEuZHy--qig@mail.gmail.com>
References: <[🔎] CAJt2aJW8na7_gkqGi8vpjiMub4TT+Mu__PfbnPYXfGwbn9+wnQ@mail.gmail.com> <[🔎] 874jd10xh1.fsf@daath.pimeys.fr> <[🔎] a42e163a-d092-4939-b8f2-b5b864bba760@home.arpa> <[🔎] CAJt2aJVydQNMEWhFSMwpqjFe3Nf4aYc76xyRPcnTnGeqZksWnA@mail.gmail.com> <[🔎] 641b082d-5bf7-f87d-4be0-8d71ca4f8a85@gmail.com> <[🔎] CAJt2aJWJjGDxt+4BSB7PYfUaypLMBg_1RUpjC0uFEuZHy--qig@mail.gmail.com>

On Fri, 22 Mar 2024 12:57:20 +0300
Jan Krapivin <daydreamer199005@gmail.com> wrote:

> чт, 21 мар. 2024 г. в 22:34, Alexander V. Makartsev
> <avbetev@gmail.com>:
> 
> > This conclusion seems less than optimal to me.
> > By condemning yourself to type 12+ character password every time you
> > 'sudo' would really hurt accessibility and usability of your home
> > computer and for no good reason.
> >
> > If we focus solely on your use case: a login security of a PC at
> > home, without remote access, then password of your sudo user could
> > be as short and simple as four numbers, of course unrelated to your
> > date of birth, phone number, or any other easily guessable sequence
> > of numbers, like '1234'. 
> 
> Are you speaking only about sudo or root password also?
> 
> The thing that bothers me are words: "*any* computer (and a fortiori
> any server) connected to the Internet
> 
> * is regularly targeted by automated connection attempts"*
> I am not tech-savvy. Can you say with 100% (90%?) confidence that
> there is no such thing? That home PC without SSH and whatever
> complicated is safe (rather safe) from "
> 
> *automated connection attempts"?*
> This thread reminded of that topic -
> https://forums.debian.net/viewtopic.php?t=154002

Most people connect to the Net through a router, usually supplied by
the ISP. By default, that router should not permit any connection
attempts. It is worth checking its configuration, in case some
'helpful' supplier has enabled uPnP 'to make it easier to play online
games'. If so, turn it off. 

Make sure router management is not permitted from the WAN side. Some
ISPs expect to be able to access the router from the Net, something
which should be discouraged.

If you haven't already, change the admin password from the default,
though you probably won't be able to change the account name.

If you use wi-fi, then use the best security your router and clients
can deal with, usually WPA2. If you don't use wi-fi, turn it off at the
router.

Really, with a router in its factory default condition, nothing from
outside should ever get as far as your computer. The problems don't
usually start until you want to run some kind of server software which
is accessible from outside, which must then be appropriately secured.

The main security issues, of course, come from connections you have
invited into your computer, malicious email and web pages. All you can
do to mitigate those threats is to be sensible and careful.

-- 
Joe

Reply to:

References:
- Root password strength
  - From: Jan Krapivin <daydreamer199005@gmail.com>
- Re: Root password strength
  - From: Pierre-Elliott Bécue <peb@debian.org>
- Re: Root password strength
  - From: Michael Kjörling <2695bd53d63c@ewoof.net>
- Re: Root password strength
  - From: Jan Krapivin <daydreamer199005@gmail.com>
- Re: Root password strength
  - From: "Alexander V. Makartsev" <avbetev@gmail.com>
- Re: Root password strength
  - From: Jan Krapivin <daydreamer199005@gmail.com>

Prev by Date: Re: Root password strength
Next by Date: THAT obvious troll thread
Previous by thread: Re: Root password strength
Next by thread: Re: Root password strength
Index(es):
- Date
- Thread