How important is it to use secure and varied user passwords on Linux?

I have a PC running Linux. It uses full-disk encryption and that has a strong password which I have to enter before the machine boots.

When it boots, I have to enter another password to log in to my user account. I don’t share the machine with anyone. Does it matter if my user account’s password is secure? Suppose I set it to “password” - what’s the worst case? Anyone with physical access (e.g. a thief) might be thwarted by the full-disk encryption, but if they get past it they can trivially reset my password or just read the files off the disk anyway.

The only way I can see this might matter is if a remote attacker gets arbitrary code execution as my user and can then trivially get root access (“sudo blah blah”) because my user is in the sudoers file and the password is trivial to guess. This feels like it is a very small advantage though, as a) all the juicy data is held under my user anyway, so they don’t need root to access it b) they can probably find some other unpatched vulnerability to get root if they want to do more nefarious stuff.

If I then run a Linux VM on this same machine, does it matter if the password for the user(s) on that is strong? They’re all really me in practice, and I’d have thought similar arguments as above would also apply on the VMs.

TL;DR: If I re-use the same moderately secure password “SteveRIsC00l” for all my local user accounts on my PC and any VMs running on it, is this OK?

The only other potential problem I can see is if somehow a hypothetical attacker gets access as the “main” user on the host and a VM, or two of the VMs, and sees the same “non-trivial” password on both and is able to infer the user is me in both cases. This would apply to passwords like “SteveRIsC00l” or “axolotl734” - what are the chances two separate people picked those relatively random passwords? - but not “password” or “foo123” which are probably widely used. But this case feels pretty unlikely and irrelevant - any such attacker is already likely to have other means of seeing that the host and VMs are related without relying on inference from the passwords.

(Pretty much this exact question got asked earlier but no one replied. I hope it’s OK for me to ask again here.)

Personally I would STRONGLY recommend against reusing a password for something as sensitive as root access. As far as password complexity goes, I have found it takes some experimenting to find a length/randomness of password which I can consider secure but is still memorable.

Set it up so it’s unlocked with TPM and you don’t have to enter the password twice?

You shouldn’t have the same password anywhere; minor differences are fine, have something like Pass-VM1, pAss-VM2.

There isn’t much to worry about, unless the goal is to have a separate root account to manage the system, which it isn’t since the user is in sudoers.

1 Like

Thanks guys. Could you please expand on your advice to say what would the risks be of not following it? For example, I get why you shouldn’t reuse passwords on websites - because when there’s a data breach on website 1, someone is going to try the same username and password combination on website 2. But it isn’t obvious to me why the things you recommend not doing are bad in this specific example of an unshared Linux machine. I’m not saying they /aren’t/ bad, just that I don’t see it!

I don’t see any glaring issues with reuse of a strong password in the context of a non-shared, local-only system. I just don’t like to get into the habit of reusing credentials (even in technically safe situations), as it will encourage me to be lazy about credential reuse in other, more meaningful areas where I cannot risk it.

Sorry if this did not expand much on the risks of password reuse for local systems; I just wanted to provide more context to my original reply.

1 Like

I meant, what risk made you set a password in the first place?

I assume it may get captured and be used on something else. If there is no such risk, at all, why trouble yourself using a password?

It seems pretty standard for Linux distributions to expect you to set a password for your user, so I figured it was best not to try fighting it. But in hindsight I may have been offered an option during setup not to specify one.

That said, even if the password is “password” and is openly displayed on the desktop wallpaper, there is still maybe some advantage to having a password. I assume without one, the normal user can do admin tasks without being prompted for a password. Having to type something in at a password prompt at least makes it more obvious when a GUI tool is using root privileges.
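Both the original question (an attacker running as the user escalates with “sudo blah blah” because the user is in sudoers) and the last reply (the prompt is what makes privilege use visible) assume the prompt is actually demanded. Whether it is depends on the sudoers rules that match the account and on the account’s password field. The script below is an added example, not code from this thread or from any poster; it audits constructed sudoers and /etc/shadow text that stands in for the real files, and the names SAMPLE_SUDOERS, SAMPLE_SHADOW, sudo_rules_for and audit are all this example’s own. Its treatment of an empty password field assumes a PAM stack that accepts empty passwords (pam_unix “nullok”, the usual Debian-family setting).

```python
"""Audit whether a local account can reach root without a real password prompt.

Added example, not from the forum thread. Parses sudoers-style and
/etc/shadow-style text constructed inline; on a real system you would read
/etc/sudoers, /etc/sudoers.d/* and /etc/shadow (all readable only by root).
"""
import re
from typing import Dict, List

# Constructed sample: steve gets full sudo with a password, members of the
# wheel group get NOPASSWD, and the Defaults line keeps the cached credential
# for 15 minutes (sudo's own default).
SAMPLE_SUDOERS = """\
# /etc/sudoers (constructed sample)
Defaults        env_reset
Defaults        timestamp_timeout=15
User_Alias      ADMINS = steve
root    ALL=(ALL:ALL) ALL
steve   ALL=(ALL:ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
%sudo   ALL=(ALL:ALL) ALL
"""

# Constructed /etc/shadow lines: hashed passwords, an empty password field
# (login and sudo accept an empty string under pam_unix nullok), and a
# locked account.
SAMPLE_SHADOW = """\
root:$6$saltsalt$hashhashhash:19000:0:99999:7:::
steve:$y$j9T$saltsalt$hashhashhash:19000:0:99999:7:::
nopass::19000:0:99999:7:::
locked:!:19000:0:99999:7:::
"""


def parse_shadow(shadow_text: str) -> Dict[str, str]:
    """Map user name -> password field (second colon-separated field)."""
    fields: Dict[str, str] = {}
    for line in shadow_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) >= 2:
            fields[parts[0]] = parts[1]
    return fields


def password_state(field: str) -> str:
    """Classify a shadow password field as 'empty', 'locked' or 'hashed'."""
    if field == "":
        return "empty"
    if field.startswith(("!", "*")):
        return "locked"
    return "hashed"


def timestamp_timeout(sudoers_text: str) -> int:
    """Credential-cache lifetime in minutes; sudo's default is 15 if unset."""
    timeout = 15
    for line in sudoers_text.splitlines():
        if line.startswith("Defaults"):
            m = re.search(r"timestamp_timeout\s*=\s*(-?\d+)", line)
            if m:
                timeout = int(m.group(1))
    return timeout


def sudo_rules_for(user: str, groups: List[str], sudoers_text: str) -> List[dict]:
    """User specifications that apply to `user`, by name or via a %group.

    Aliases and #include directives are out of scope for this example.
    """
    rules = []
    for raw in sudoers_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        tokens = line.split()
        if len(tokens) < 2 or tokens[0].endswith("_Alias"):
            continue
        who, spec = tokens[0], " ".join(tokens[1:])
        if who == user or (who.startswith("%") and who[1:] in groups):
            rules.append({"via": who, "spec": spec, "nopasswd": "NOPASSWD:" in spec})
    return rules


def audit(user: str, groups: List[str], sudoers_text: str, shadow_text: str) -> dict:
    """Summarise whether the sudo prompt stands between `user` and root."""
    rules = sudo_rules_for(user, groups, sudoers_text)
    state = password_state(parse_shadow(shadow_text).get(user, "!"))
    # The prompt protects nothing if a matching rule is tagged NOPASSWD, or if
    # the password field is empty and PAM accepts empty passwords (assumption:
    # pam_unix 'nullok').
    without_prompt = bool(rules) and (any(r["nopasswd"] for r in rules) or state == "empty")
    return {
        "has_sudo": bool(rules),
        "sudo_without_prompt": without_prompt,
        "password_state": state,
        "timestamp_timeout": timestamp_timeout(sudoers_text),
        "rules": rules,
    }


if __name__ == "__main__":
    for user, groups in (("steve", ["steve", "wheel"]),
                         ("steve", ["steve", "sudo"]),
                         ("nopass", ["nopass"])):
        print(user, groups, audit(user, groups, SAMPLE_SUDOERS, SAMPLE_SHADOW))
```

On a live box the quickest equivalent of sudo_rules_for is `sudo -l`, which prints the effective rules (with any NOPASSWD tag) after consulting aliases and includes; the shadow check needs root. Note that the timestamp_timeout value matters for the original question’s threat model: code running as the user during that window can re-use the cached credential without any prompt at all, whatever the password is.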