Ask Your Question
3

What password size do you recommend for user and root in Fedora?

asked 2015-11-13 12:34:27 -0500

Ervin-Reloaded gravatar image

The installer considers a ten character password strong, sometimes a nine character password is also considered strong if it has a good mix of different symbols, and characters. Is this enough?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted
4

answered 2015-11-13 13:25:38 -0500

mithrial gravatar image

This really depends against what attacker you want to secure your installation. 10-12 characters seems reasonable to me. Do not use something that could occur in a dictionary, also leet speak does not protect you. "p4ssw0rd" is not really more secure than "password".

Something like "ilikefedorabecauseitisthebestdistroicouldthinkof" may be okay.

So my advice is, use the longest possible, most complicated password (1) you can remember and (2) you can type fast, because you need it everytime for upgrading or other commands executed as root.

edit flag offensive delete link more

Comments

2

IMHO: 1.) the longer the better (12 char min)

2.) includes numbers, symbols, capital letters, and lower-case letters

3.) is not a dictionary word or a combination of dict. words.

4.) is memorable

florian gravatar imageflorian ( 2015-11-13 13:35:11 -0500 )edit

Actually, if you start out by using su or su - to become root, you can do everything you need without entering the password again. Or, of course, you can always switch to a text console, log in as root and take care of things. BTW, a friend of mine uses something similar to ThisIsAVeryVeryLongPassword for his WiFi router, because it's easy to remember.

sideburns gravatar imagesideburns ( 2015-11-13 14:15:13 -0500 )edit

Another thing: how strong the password you need depends on how much of a threat you expect and what you're protecting. If you're talking about a home computer that has nothing sensitive on it, including financial records, and you're running a reasonably secure OS, you don't need a password as strong as you do if you're protecting the main customer database for a Fortune 500 company. That doesn't mean that you don't need a good password, just that the definition of "good" is different.

sideburns gravatar imagesideburns ( 2015-11-13 14:23:33 -0500 )edit
1

One more thing: you might want to run your password past this to get an idea just how much work it would take the average attacker to find it.

sideburns gravatar imagesideburns ( 2015-11-13 15:46:28 -0500 )edit
1

Entering your password into a website is generally a bad idea, so only test it with password you certainly don't use.

mithrial gravatar imagemithrial ( 2015-11-13 16:18:46 -0500 )edit
3

answered 2015-11-13 13:37:07 -0500

florian gravatar image

image description

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

Stats

Asked: 2015-11-13 12:34:27 -0500

Seen: 280 times

Last updated: Nov 13 '15