4.Passwords
Window Working Passwords 🔒
Importance of Passwords
In this video, we're going to talk about an important part of having users on a machine, and that's working with passwords. Passwords add security to our user accounts and machines. They make it so that only Marty knows the magic secret to access your account and no one else's, not even the admin of the computer.
When setting up a password, you want to make sure that you and only you know that password. Remember, if you're managing other people's accounts on a machine, you shouldn't know what their password is. Instead, you want the user to enter the password themselves.
Resetting Passwords in the GUI 🖱️
To reset a password and the GUI, let's go back to our computer management tool. Under local users and groups, we're going to right-click on a username like this account Sarah. Let's click on "Properties" and then from here, we're just going to check this box that says, "User must change password at next login". Apply and hit "Okay". Then when the user logs into the account, they'll be forced to change their password.
If they forgot their password, you have the option to set a password for them manually by right-clicking and selecting "Set password". This has some caveats though like losing access to certain credentials.
Resetting Passwords in PowerShell 💻⚙️
To change a local password and PowerShell, we're going to use the DOS style Net command. There's a native PowerShell command that can be used to set the password but it's a little more complicated. It requires a bit of simple scripting to use. For now, we'll stick to the simpler, though less powerful Net command.
Net does lots of different things. Changing local user passwords is just one of them. Since this is an old DOS style command, you can also use the slash question mark parameter to get help on the command from the CLI.
To change a password for a user, the command is net user then the username and password. The best way to use this command is to use an asterisk instead of writing your password out on the command line. If you use an asterisk, net will pause and ask you to enter your password like so.
Why is this approach better? 🤔 Imagine you're changing your password and right at that moment, someone walks behind you and glances over your shoulder. Your password isn't a secret anymore. You should also know that in many environments, it's common that the commands that folks run on the machines they use are recorded in a log file that sent to a central logging service. So it's best that passwords of any kind are not logged in this way.
Do you notice a problem with the asterisk approach though? 🤔 That's right. If I change passwords for someone else using this command, I would know their password and that's not good. Instead, we're going to do what we did in the GUI and force the user to change the default password on their next log on using the /logonpasswordchange;yes parameter.
I'm just going to force Victor to change his password on the next log on. net user victor /logonpasswordchange;yes. The /logonpasswordchange;yes parameter means that the next time that Victor logs into this computer, he'll have to change his password. 😈 Sorry, Victor.
Changing Passwords in Linux 🐧💻
Changing Your Own Password 🔑
To change your password in Linux, all you need to do is run the passwd command. Let's try changing my password. 🔒
When you set a password, it's securely scrambled and stored in a special privileged file called /etc/shadow. This file can only be read by root to keep away prying eyes. Even if you did have access, you wouldn't be able to descramble passwords found in here. 🔒
Forcing Users to Change Passwords 🔒👥
If you're managing a computer and you want to force a standard user to change their password, like we did in Windows, you can use the -e or expire flag with passwd like this: passwd -e username.
This will immediately expire a user's password and then make them set a new password the next time they login. 🔒👨💻
Last updated