{"id":15888,"date":"2022-01-11T05:57:29","date_gmt":"2022-01-11T05:57:29","guid":{"rendered":"https:\/\/www.hostinger.com\/tutorials\/?p=15888"},"modified":"2025-07-08T00:58:20","modified_gmt":"2025-07-08T00:58:20","slug":"how-to-change-password-in-linux","status":"publish","type":"post","link":"\/tutorials\/how-to-change-password-in-linux","title":{"rendered":"How to change password in Linux + password management tips"},"content":{"rendered":"<p>System administrators often create multiple accounts to manage a Linux virtual private server (VPS). While this feature makes collaboration simpler and more efficient, it can present security risks if you don&rsquo;t manage the accounts properly.<\/p><p>That&rsquo;s why changing user passwords in Linux is so important for VPS security. It prevents cyber criminals from accessing your server and stealing sensitive data if they obtain an account&rsquo;s old credentials.<\/p><p>This tutorial will guide you on how to change passwords in Linux via Terminal. We will also explore best practices for managing account credentials in your VPS to ensure optimal system security.&nbsp;<\/p><p>\n\n\n\n\n\n\n<\/p><h2 class=\"wp-block-heading\" id=\"h-prerequisites\">Prerequisites<\/h2><p>You need to open Terminal to change user accounts&rsquo; passwords on your Linux machine. The steps to do so differ depending on your operating system type.<\/p><p>In the desktop version, access it by pressing <strong>Ctrl + Alt + T<\/strong>. If you are using a Linux server, connect via SSH with your local computer&rsquo;s Terminal or an application like <a href=\"\/tutorials\/how-to-use-putty-ssh\">PuTTY<\/a>.<\/p><p>Alternatively, <a href=\"\/vps-hosting\">Hostinger VPS hosting<\/a> users can access their server directly from a web browser with hPanel&rsquo;s<strong> Browser termina<\/strong>l feature. Regardless of the tool, use the credentials from the <strong>SSH access<\/strong> tab on your <strong>VPS overview<\/strong> menu.<\/p><figure class=\"wp-block-image size-large\"><a class=\"hgr-tutorials-cta hgr-tutorials-cta-vps-hosting\" href=\"\/vps-hosting\" target=\"_blank\" rel=\"noreferrer noopener\"><img decoding=\"async\" width=\"1024\" height=\"300\" src=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/public\" alt=\"\" class=\"wp-image-77934\" srcset=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/w=1024,fit=scale-down 1024w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/w=300,fit=scale-down 300w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/w=150,fit=scale-down 150w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2023\/02\/VPS-hosting-banner.png\/w=768,fit=scale-down 768w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure><p>\n\n\n<div><p class=\"important\"><strong>Important!<\/strong> You will log in as <strong>root<\/strong> by default. If you want to change your own password, switch to your account user using the <strong>su<\/strong> command.<\/p><\/div>\n\n\n\n<\/p><h2 class=\"wp-block-heading\" id=\"h-how-to-change-your-own-linux-password\">How to change your own Linux password<\/h2><p>To change your current account&rsquo;s password, run the following command:<\/p><pre class=\"wp-block-preformatted\">passwd<\/pre><p>Terminal will ask for your old password to confirm the request. Once authenticated, you should see a prompt to enter the new credential.<\/p><div class=\"wp-block-image\">\n<figure data-wp-context='{\"imageId\":\"69e1ed45bfef6\"}' data-wp-interactive=\"core\/image\" class=\"aligncenter size-full wp-lightbox-container\"><img decoding=\"async\" width=\"714\" height=\"118\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/07\/terminal-confirms-an-account-password-is-updated-successfully.png\/public\" alt=\"Terminal confirms an account password is updated successfully\" class=\"wp-image-113316\" srcset=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/07\/terminal-confirms-an-account-password-is-updated-successfully.png\/w=714,fit=scale-down 714w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/07\/terminal-confirms-an-account-password-is-updated-successfully.png\/w=300,fit=scale-down 300w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/07\/terminal-confirms-an-account-password-is-updated-successfully.png\/w=150,fit=scale-down 150w\" sizes=\"(max-width: 714px) 100vw, 714px\" \/><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"><\/path>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure><\/div><p>Enter your new password twice. If the change is successful, Terminal will print the &ldquo;Password updated successfully&rdquo; message. Otherwise, an error will show up, indicating the issue.<\/p><h2 class=\"wp-block-heading\" id=\"h-how-to-change-another-user-s-password-as-a-root-user\">How to change another user&rsquo;s password as a root user<\/h2><p>The<strong> root<\/strong> has the highest privilege in Linux and can modify any settings, including other accounts&rsquo; passwords. To do so, switch to the account using this command:<\/p><pre class=\"wp-block-preformatted\">su root<\/pre><p>Enter your root password. Then, specify the username after the <strong>passwd <\/strong>command like the following:<\/p><pre class=\"wp-block-preformatted\">passwd username<\/pre><p>As an example, if you want to change <strong>JohnDoe<\/strong>&rsquo;s user password, use this command:<\/p><pre class=\"wp-block-preformatted\">passwd JohnDoe<\/pre><p>Since you logged in as root, you don&rsquo;t need to enter the account&rsquo;s password. If the process is successful, your command-line interface will print a confirmation message.<\/p><p>In addition to root, you can use another superuser account to change Linux passwords by adding the <strong>sudo<\/strong> prefix to your command:<\/p><pre class=\"wp-block-preformatted\">sudo passwd JohnDoe<\/pre><p>\n\n\n<div><p class=\"important\"><strong>Important!<\/strong> As a superuser, you&rsquo;re also able to change the root password. Therefore, ensure you properly <a href=\"\/tutorials\/sudo-and-the-sudoers-file\">manage sudo users<\/a> to restrict administrative access and maintain optimal system security.<\/p><\/div>\n\n\n\n<\/p><h2 class=\"wp-block-heading\" id=\"h-how-to-reset-a-forgotten-password-using-root\">How to reset a forgotten password using root<\/h2><p>You can use a superuser or the root user to reset forgotten passwords. However, it might not work if your system uses the <a href=\"https:\/\/www.redhat.com\/en\/topics\/security\/what-is-ldap-authentication\" target=\"_blank\" rel=\"noopener\">lightweight directory access protocol<\/a> (LDAP) since you must enter the old credentials.<\/p><p>To get around this, you can directly edit the user password in <strong>\/etc\/shadow<\/strong> &ndash; the file containing information about all account credentials in your system. Here&rsquo;s how to do so:<\/p><ol class=\"wp-block-list\">\n<li>Open the file by running this command:<\/li>\n<\/ol><pre class=\"wp-block-preformatted\">nano \/etc\/shadow<\/pre><ol start=\"2\" class=\"wp-block-list\">\n<li>You will see encrypted passwords after the usernames within the first two colons. Find an account whose credentials you remember.<\/li>\n\n\n\n<li>Highlight the encrypted password by pressing <strong>Shift + arrow key<\/strong>. Hit <strong>Alt + 6 t<\/strong>o copy it.&nbsp;<\/li>\n\n\n\n<li>Using the arrow keys, navigate to the account for which you want to change the password. Highlight the password and hit <strong>Delete<\/strong>.<\/li>\n\n\n\n<li>Paste the copied password by pressing<strong> Ctrl + U<\/strong>.<\/li>\n\n\n\n<li>Press <strong>Cltr + X<\/strong>, <strong>Y<\/strong>, and <strong>Enter<\/strong> to save the changes.<\/li>\n\n\n\n<li>Once you return to the main shell, enter the following command to change the user&rsquo;s password:<\/li>\n<\/ol><pre class=\"wp-block-preformatted\">passwd username<\/pre><ol start=\"8\" class=\"wp-block-list\">\n<li>Enter the temporary password you copied and fill in the new one.<\/li>\n<\/ol><p>That&rsquo;s it! If you encounter a permission issue, ensure you are logged in as root. <span style=\"margin: 0px;padding: 0px\">Remember to add&nbsp;<strong>sudo<\/strong>&nbsp;before your commands if you&rsquo;re using superuser access<\/span>.<\/p><h2 class=\"wp-block-heading\" id=\"h-how-to-reset-the-root-password\">How to reset the root password<\/h2><p>You can only reset the root password with sudo. If you don&rsquo;t have access to a superuser account, recover the credential via Linux&rsquo;s <a href=\"https:\/\/www.codecademy.com\/resources\/blog\/grub-linux\/\" target=\"_blank\" rel=\"noopener\"><strong>GNU unified bootloader<\/strong><\/a><strong> <\/strong>(GRUB), which you can access by holding <strong>Esc <\/strong>or <strong>Shift<\/strong> during the system boot.<\/p><p>Since the steps to recover the root password differ depending on the Linux distro, check your operating system documentation to learn more about them. For example, the <a href=\"https:\/\/www.redhat.com\/sysadmin\/recover-root-passwd\" target=\"_blank\" rel=\"noopener\">Red Hat Enterprise Linux page<\/a> explains how to do so for CentOS and AlmaLinux.<\/p><p>However, some VPS hosting providers don&rsquo;t let users access the GRUB menu or reboot the system themselves. In this case, contact customer support for assistance.<\/p><div class=\"wp-block-image\">\n<figure data-wp-context='{\"imageId\":\"69e1ed45c0f6f\"}' data-wp-interactive=\"core\/image\" class=\"aligncenter size-full wp-lightbox-container\"><img decoding=\"async\" width=\"1460\" height=\"535\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2022\/01\/root-password-reset-on-hpanel-vps-overview.png\/public\" alt=\"The option to change root password on hPanel's VPS overview menu\" class=\"wp-image-125829\" srcset=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2022\/01\/root-password-reset-on-hpanel-vps-overview.png\/w=1460,fit=scale-down 1460w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2022\/01\/root-password-reset-on-hpanel-vps-overview.png\/w=300,fit=scale-down 300w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2022\/01\/root-password-reset-on-hpanel-vps-overview.png\/w=1024,fit=scale-down 1024w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2022\/01\/root-password-reset-on-hpanel-vps-overview.png\/w=150,fit=scale-down 150w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2022\/01\/root-password-reset-on-hpanel-vps-overview.png\/w=768,fit=scale-down 768w\" sizes=\"(max-width: 1460px) 100vw, 1460px\" \/><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"><\/path>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure><\/div><p>At Hostinger, however, you can reset the root password easily via the hPanel. To do so, navigate to the <strong>VPS overview<\/strong> menu and click <strong>Change<\/strong> on the Root password. Enter the new credentials and hit <strong>Save<\/strong>.<\/p><p>Alternatively, use <a href=\"https:\/\/hostinger.com\/blog\/vps-ai-assistant\" target=\"_blank\" rel=\"noopener\">Kodee AI Assistant<\/a> to change your VPS password. Simply access the menu via your dashboard&rsquo;s left sidebar and type a prompt like &ldquo;Please change my server&rsquo;s password to YourNewPassword.&rdquo;<\/p><h2 class=\"wp-block-heading\" id=\"h-linux-password-management-best-practices\">Linux password management best practices<\/h2><p>In this section, we&rsquo;ll review some best practices to improve your Linux system&rsquo;s password security.<\/p><h3 class=\"wp-block-heading\" id=\"h-use-strong-passwords\">Use strong passwords<\/h3><p>A strong password is significantly more difficult to guess, improving your system&rsquo;s security. Hackers can crack 11-character lowercase passwords in minutes, while ones with letters and symbols <a href=\"https:\/\/tech.co\/password-managers\/how-long-hacker-crack-password\" target=\"_blank\" rel=\"noopener\">take years<\/a>.<\/p><p>Here are several tips to make a stronger password:<\/p><ul class=\"wp-block-list\">\n<li><strong>Add symbols and numbers<\/strong> &ndash; extra characters increase possible password combinations, making it more difficult to guess.&nbsp;<\/li>\n\n\n\n<li><strong>Make the password longer<\/strong> &ndash; your password should ideally be 12 characters or longer.&nbsp;<\/li>\n\n\n\n<li><strong>Always use a unique password <\/strong>&ndash; a shared credential enables cyber criminals to exploit a single entry point to access different accounts and platforms.<\/li>\n\n\n\n<li><strong>Use a passphrase<\/strong> &ndash; a passphrase is a combination of words that are easy to remember but difficult to guess, like <strong>ILikeLinuxForThePenguin<\/strong>.<\/li>\n\n\n\n<li><strong>Use password management software<\/strong> &ndash; a tool like <a href=\"https:\/\/nordpass.com\/\" target=\"_blank\" rel=\"noopener\"><strong>NordPass<\/strong><\/a> helps generate and store randomized passwords in an encrypted location.<\/li>\n<\/ul><p>\n\n\n<div class=\"protip\">\n                    <h4 class=\"title\">Pro Tip<\/h4>\n                    <p> According to experts, <a href=\"https:\/\/www.zdnet.com\/article\/how-long-is-the-perfect-password-youre-asking-the-wrong-question\/\" target=\"_blank\" rel=\"noopener\">password length is more important for security<\/a> than the complexity.<\/p>\n                <\/div>\n\n\n\n<\/p><h3 class=\"wp-block-heading\" id=\"h-set-up-a-secure-password-policy\">Set up a secure password policy<\/h3><p>Linux doesn&rsquo;t have a password requirement by default, which can be unsafe since users might set up an easy-to-guess credential. To minimize security risks, enforce a policy in your Linux system.<\/p><p>You can do so by adding the <strong>libpam-pwquality<\/strong> setting to the<strong> common-password<\/strong> file. Here are the steps:<\/p><ol class=\"wp-block-list\">\n<li>Update your system repository using this command:<\/li>\n<\/ol><pre class=\"wp-block-preformatted\">sudo apt update<\/pre><ol start=\"2\" class=\"wp-block-list\">\n<li>Install the <strong>libpam-pwquality<\/strong> module by running:<\/li>\n<\/ol><pre class=\"wp-block-preformatted\">sudo apt install libpam-pwquality<\/pre><ol start=\"3\" class=\"wp-block-list\">\n<li>Open the <strong>common-password<\/strong> file using nano:<\/li>\n<\/ol><pre class=\"wp-block-preformatted\">sudo nano \/etc\/pam.d\/common-password<\/pre><ol start=\"4\" class=\"wp-block-list\">\n<li>Add the following line at the top of the file. We will explain the setting parameters in a bit.&nbsp;<\/li>\n<\/ol><pre class=\"wp-block-preformatted\">password requisite pam_pwquality.so minlen=12 ucredit=1 lcredit=1 ocredit=1 minclass=3<\/pre><ol start=\"5\" class=\"wp-block-list\">\n<li>Add a hash (<strong>#<\/strong>) symbol at the beginning of each line to disable other settings.&nbsp;<\/li>\n\n\n\n<li>Press <strong>Ctrl + X<\/strong>, <strong>Y<\/strong>, and <strong>Enter<\/strong> to save the changes.&nbsp;<\/li>\n<\/ol><p>Now, check if the policy works by changing a user&rsquo;s password. If the new one doesn&rsquo;t fit the requirement, Terminal will print a warning message.<\/p><div class=\"wp-block-image\">\n<figure data-wp-context='{\"imageId\":\"69e1ed45c1d4a\"}' data-wp-interactive=\"core\/image\" class=\"aligncenter size-full wp-lightbox-container\"><img decoding=\"async\" width=\"1120\" height=\"114\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/07\/terminal-warns-user-of-bad-password.png\/public\" alt=\"Terminal warns user of a bad password\" class=\"wp-image-113319\" srcset=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/07\/terminal-warns-user-of-bad-password.png\/w=1120,fit=scale-down 1120w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/07\/terminal-warns-user-of-bad-password.png\/w=300,fit=scale-down 300w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/07\/terminal-warns-user-of-bad-password.png\/w=1024,fit=scale-down 1024w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/07\/terminal-warns-user-of-bad-password.png\/w=150,fit=scale-down 150w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/07\/terminal-warns-user-of-bad-password.png\/w=768,fit=scale-down 768w\" sizes=\"(max-width: 1120px) 100vw, 1120px\" \/><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"><\/path>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure><\/div><p>You can adjust the password policy by changing the parameters after <strong>pam_pwquality.so<\/strong>. Here are some of the settings and what they define:<\/p><ul class=\"wp-block-list\">\n<li><strong>minlen<\/strong> &ndash; the number of characters in a password.<\/li>\n\n\n\n<li><strong>ucredit <\/strong>&ndash; the number of uppercase letters.<\/li>\n\n\n\n<li><strong>lcredit<\/strong> &ndash; the number of lowercase letters.<\/li>\n\n\n\n<li><strong>ocredit <\/strong>&ndash; the number of other characters.<\/li>\n\n\n\n<li><strong>minclass<\/strong> &ndash; the number of minimum character types.&nbsp;<\/li>\n<\/ul><p>Check the <a href=\"https:\/\/linux.die.net\/man\/8\/pam_pwquality\" target=\"_blank\" rel=\"noopener\">pam_pwquality<\/a> module documentation to learn more about other parameters and their values.<\/p><h3 class=\"wp-block-heading\" id=\"h-audit-users-and-passwords\">Audit users and passwords<\/h3><p>The <strong>\/etc\/shadow<\/strong> file contains information about all users in your system and their password status. For example, you can identify the latest modification and expiration date.<\/p><p>Regularly check this file to ensure all users update their passwords periodically. Also, review if unauthorized accounts exist in your system, which hackers often create to infiltrate your server.<\/p><p>While you can inspect each entry manually, it will take a lot of time if your system has many users. To simplify the process, back up the file at a specific time and compare it with the current version.<\/p><p>Use a <a href=\"\/tutorials\/cron-job\">cron job<\/a> to schedule an automatic backup. Then, check for discrepancies using the<strong> diff<\/strong> command like so:<\/p><pre class=\"wp-block-preformatted\">sudo diff \/etc\/shadow_old \/etc\/shadow<\/pre><p>If you need help with writing the automation script, use the <strong>Kodee<\/strong> to generate it. Simply enter, &ldquo;Generate a cron job script that backs up the \/etc\/shadow file to shadow_DD_MM_YYYY.&rdquo;<\/p><div class=\"wp-block-image\">\n<figure data-wp-context='{\"imageId\":\"69e1ed45c2708\"}' data-wp-interactive=\"core\/image\" class=\"aligncenter size-large wp-lightbox-container\"><img decoding=\"async\" width=\"2162\" height=\"1028\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-on-async--load=\"callbacks.setButtonStyles\" data-wp-on-async-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/10\/backup-crob-job-script-generated-by-kodee.png\/public\" alt=\"Backup cron job script generated by Kodee AI assitant\" class=\"wp-image-117117\" srcset=\"https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/10\/backup-crob-job-script-generated-by-kodee.png\/w=2162,fit=scale-down 2162w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/10\/backup-crob-job-script-generated-by-kodee.png\/w=300,fit=scale-down 300w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/10\/backup-crob-job-script-generated-by-kodee.png\/w=1024,fit=scale-down 1024w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/10\/backup-crob-job-script-generated-by-kodee.png\/w=150,fit=scale-down 150w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/10\/backup-crob-job-script-generated-by-kodee.png\/w=768,fit=scale-down 768w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/10\/backup-crob-job-script-generated-by-kodee.png\/w=1536,fit=scale-down 1536w, https:\/\/imagedelivery.net\/LqiWLm-3MGbYHtFuUbcBtA\/wp-content\/uploads\/sites\/2\/2024\/10\/backup-crob-job-script-generated-by-kodee.png\/w=2048,fit=scale-down 2048w\" sizes=\"(max-width: 2162px) 100vw, 2162px\" \/><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on-async--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"><\/path>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure><\/div><p>We also recommend checking the activity logs for failed login attempts. To do so, print the content of the <strong>auth.log<\/strong> file using the <strong>cat<\/strong> command:<\/p><pre class=\"wp-block-preformatted\">sudo cat \/var\/log\/auth.log<\/pre><p>To check specific activity or user logs, pass the output to the <strong>grep<\/strong> command. For example, we will print entries containing the phrase &ldquo;could not identify password&rdquo; using the following:<\/p><pre class=\"wp-block-preformatted\">sudo cat \/var\/log\/auth.log | grep \"could not identify password\"<\/pre><h3 class=\"wp-block-heading\" id=\"h-set-password-expiration\">Set password expiration<\/h3><p>Updating account credentials frequently is crucial for maintaining optimal system security. You can force a password change for a specific user by setting the expiration date to zero using <strong>chage<\/strong> or <strong>passwd &ndash;expire<\/strong> commands.<\/p><p>The <strong>chage<\/strong> utility lets you change a user&rsquo;s password expiration date, the modification date, and the maximum interval between the renewal. Before modifying these details, let&rsquo;s review them using this command. Replace <strong>username<\/strong> with the account you want to check:<\/p><pre class=\"wp-block-preformatted\">sudo chage -l username<\/pre><p>To change the expiration deadline, use the <strong>-E<\/strong> option instead, followed by the date in <strong>YYYY-MM-DD<\/strong> format<\/p><pre class=\"wp-block-preformatted\">sudo chage -E 2025-12-20 username<\/pre><p>Meanwhile, use the <strong>-M<\/strong> option to set how many days are left until the password expires. For example, the following will force the user to update their credentials after <strong>90<\/strong> days:<\/p><pre class=\"wp-block-preformatted\">sudo chage -M 90 username<\/pre><p>\n\n\n<div><p class=\"important\"><strong>Important!<\/strong> Since Linux commands are case-sensitive, be careful when using <strong>-M<\/strong> and <strong>-m<\/strong>. To check other options, run <strong>chage &ndash;help<\/strong>.<\/p><\/div>\n\n\n\n<\/p><p>Alternatively, you can force a password reset using the <strong>passwd<\/strong> command:<\/p><pre class=\"wp-block-preformatted\">sudo passwd --expire username<\/pre><p>In the next login, the user will see a warning that their password has expired and they need to enter a new one. You can also do so with <strong>chage<\/strong> by setting the remaining days to zero:<\/p><pre class=\"wp-block-preformatted\">Sudo chage -M 0&nbsp;<\/pre><h2 class=\"wp-block-heading\" id=\"h-conclusion\">Conclusion<\/h2><p>Regularly changing your Linux system&rsquo;s account password helps minimize security risks. To do so, log in to your machine via Terminal or SSH, run the <strong>passwd<\/strong> command, and enter the new credential.<\/p><p>You can also change another user&rsquo;s password by logging in as <strong>root<\/strong> or a superuser and specifying their account name after the<strong> passwd <\/strong>command. It is also useful for resetting forgotten credentials.<\/p><p>To improve security, your new password should be at least 12 characters long and contain combinations of symbols. We recommend setting up a password policy in your Linux distribution by adding the rule into the <strong>\/etc\/pam.d\/common-password<\/strong> file.<\/p><p>Regularly check all accounts and their passwords by opening the<strong> \/etc\/shadow<\/strong> file to ensure the credentials are up to date. You can force Linux users to update theirs using the <strong>passwd &ndash;E<\/strong> or <strong>chage -M 0 <\/strong>command.<\/p><h2 class=\"wp-block-heading\" id=\"h-how-to-change-password-in-linux-faq\">How to change password in Linux FAQ<\/h2><div class=\"schema-faq wp-block-yoast-faq-block\"><div class=\"schema-faq-section\" id=\"faq-question-1721917918384\"><h3 class=\"schema-faq-question\">How do I change my password in Linux?<\/h3> <p class=\"schema-faq-answer\">To change your current user&rsquo;s password, use the <strong>passwd<\/strong> command. Enter the current password and then the new one. To change another user&rsquo;s password, log in as <strong>root<\/strong> and run the same command followed by their username. You can also use superuser with <strong>sudo<\/strong>.&nbsp;&nbsp;<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1721917927339\"><h3 class=\"schema-faq-question\">Can I change my password from the Linux Terminal?<\/h3> <p class=\"schema-faq-answer\">Yes, you can change your account&rsquo;s password by entering Terminal and running the <strong>passwd<\/strong> command. You can access it on the desktop version by pressing <strong>Ctrl + Alt + T<\/strong>. For servers, connect via SSH using PuTTY or Hostinger <strong>Browser terminal<\/strong>.&nbsp;<\/p> <\/div> <div class=\"schema-faq-section\" id=\"faq-question-1721917931924\"><h3 class=\"schema-faq-question\">Are there any requirements for creating a new password in Linux?<\/h3> <p class=\"schema-faq-answer\">By default, Linux distributions don&rsquo;t have any requirement for a new password. However, you can set up a rule by adding the <strong>libpam-pwquality<\/strong> module to the<strong> common-password<\/strong> file. You can adjust settings like minimum characters and symbols.<\/p> <\/div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>System administrators often create multiple accounts to manage a Linux virtual private server (VPS). While this feature makes collaboration simpler [&#8230;]<\/p>\n<p><a class=\"btn btn-secondary understrap-read-more-link\" href=\"\/tutorials\/how-to-change-password-in-linux\">Read More&#8230;<\/a><\/p>\n","protected":false},"author":337,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_title":"How to change a password in Linux","rank_math_description":"Learn how to change passwords in Linux: 1. Open terminal and run the passwd command. 2. Type in your old password. 3. Enter the new password.","rank_math_focus_keyword":"linux change password","footnotes":""},"categories":[22648,22644],"tags":[],"class_list":["post-15888","post","type-post","status-publish","format-standard","hentry","category-managing-monitoring-and-security","category-vps"],"hreflangs":[{"locale":"en-US","link":"https:\/\/www.hostinger.com\/tutorials\/how-to-change-password-in-linux","default":0},{"locale":"fr-FR","link":"https:\/\/www.hostinger.com\/fr\/tutoriels\/comment-changer-un-mot-de-passe-sur-linux","default":0},{"locale":"es-ES","link":"https:\/\/www.hostinger.com\/es\/tutoriales\/cambiar-contrasena-linux","default":0},{"locale":"id-ID","link":"https:\/\/www.hostinger.com\/id\/tutorial\/ganti-password-linux","default":0},{"locale":"en-UK","link":"https:\/\/www.hostinger.com\/uk\/tutorials\/how-to-change-password-in-linux","default":0},{"locale":"en-MY","link":"https:\/\/www.hostinger.com\/my\/tutorials\/how-to-change-a-password-in-linux","default":0},{"locale":"en-PH","link":"https:\/\/www.hostinger.com\/ph\/tutorials\/how-to-change-a-password-in-linux","default":0},{"locale":"es-MX","link":"https:\/\/www.hostinger.com\/mx\/tutoriales\/cambiar-contrasena-linux","default":0},{"locale":"es-CO","link":"https:\/\/www.hostinger.com\/co\/tutoriales\/cambiar-contrasena-linux","default":0},{"locale":"es-AR","link":"https:\/\/www.hostinger.com\/ar\/tutoriales\/cambiar-contrasena-linux","default":0},{"locale":"en-IN","link":"https:\/\/www.hostinger.com\/in\/tutorials\/how-to-change-password-in-linux","default":0},{"locale":"en-CA","link":"https:\/\/www.hostinger.com\/ca\/tutorials\/how-to-change-password-in-linux","default":0},{"locale":"en-AU","link":"https:\/\/www.hostinger.com\/au\/tutorials\/how-to-change-password-in-linux","default":0},{"locale":"en-NG","link":"https:\/\/www.hostinger.com\/ng\/tutorials\/how-to-change-password-in-linux","default":0}],"_links":{"self":[{"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/posts\/15888","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/users\/337"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/comments?post=15888"}],"version-history":[{"count":43,"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/posts\/15888\/revisions"}],"predecessor-version":[{"id":131051,"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/posts\/15888\/revisions\/131051"}],"wp:attachment":[{"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/media?parent=15888"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/categories?post=15888"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostinger.com\/tutorials\/wp-json\/wp\/v2\/tags?post=15888"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}