{{Header}}
{{Title|
title={{project_name_short}} Default Passwords
}}
{{#seo:
|description=Information about {{project_name_short}} default user and passwords.
|image=Password2781614640.jpg
}}
{{passwords_mininav}}
[[File:Password2781614640.jpg|thumb]]
{{intro|
Information about {{project_name_short}} default user and passwords.
}}
= Default Passwords =
== Current Version ==
Starting from build version 17.2.0.7
and above:
{{Default_Passwords}}
Users can [[Post_Install_Advice#Change_Passwords|change or set a password]] for security reasons if this is useful in their case based on this [[Default_Passwords#Information|Information]].
For troubleshooting, refer to [[Post_Install_Advice#Change_Keyboard_Layout|Change Keyboard Layout]] and [[Post_Install_Advice#Test_Keyboard_Layout|Test Keyboard Layout]].
== Old Versions ==
Build versions older than 17.2.0.7
:
{{mbox
| image = [[File:Ambox_notice.png|40px|alt={{project_name_short}} default admin password is: changeme]]
| text =
* '''Default username:''' {{CodeSelect|code=user}}
* '''Default password:''' {{CodeSelect|code=changeme}}
}}
This was changed in newer versions. See above.
Default passwords in old build versions remain unchanged.
= Information =
* '''Definitions:'''
** '''Single-user system:''' A single-user system is defined here as a computer that has only one human user.
** '''Multi-user system:''' A multi-user system is defined here as a shared computer that has different multiple human users.
** '''User account password:''' A password for a Linux user account such as user user
. This is used for [[Login]] into [[Desktop#Virtual_Consoles|Virtual Consoles]], graphical login manager (such as LightDM) as well as for administrative ("[[root]]") rights authentication.
** '''Disk encryption password:''' A password required early during the boot process ("pre-boot") to decrypt the hard drive.
* '''Importance of setting a user account password:'''
** '''For single-user systems:''' Not important.
** '''For multi-user systems:''' Important.
* '''Advantage of setting a user account password:'''
** [[Protection_Against_Physical_Attacks#Login_Screen|Login Screen]] password protection.
** [[Protection_Against_Physical_Attacks#Screen_Lock|Screen Lock]] password protection.
** Administrative ("[[root]]") rights authentication. (But this is a weak protection. See [[Root#Prevent_Malware_from_Sniffing_the_Root_Password|Prevent Malware from Sniffing the Root Password]] for a safer procedure.)
* '''Protect computer from unauthorized access:'''
** '''FDE:''' It is recommended to use [[Full_Disk_Encryption|Full Disk Encryption (FDE)]]. This will protect all important data on the computer once it has been powered off through encryption and require authentication early during the computer boot process using a disk encryption password. This is a much stronger protection than any user account login password. Note, that FDE requires a very strong password which can resist offline password cracking. See [[Passwords]].
** '''Screen lock:''' See [[Protection_Against_Physical_Attacks#Screen_Lock|Screen Lock]].
** '''BIOS password''': See [[Protection_Against_Physical_Attacks#BIOS_Password|BIOS Password]].
** '''See also: [[Protection_Against_Physical_Attacks|Protection against Physical Attacks]]'''
* '''Password strength requirements for user account password:''' If setting a user account password, how strong does it need to be? 22 truly random characters such as for example "zavtf5%/r+B`ZkKQ;g,8}{
"? (Obviously, do not use that password because it is publicly known, written on a website.) No, strong passwords for Linux account users are not required. This is because in {{project_name_short}} user accounts are locked after 50 failed login attempts. This is thanks to [[Dev/Strong_Linux_User_Account_Isolation#Online_Password_Cracking_Restrictions|Online Password Cracking Restrictions]].
* '''Unlock:''' How to unlock a user account password once the account gets locked? See [[Root#Unlock_User_Account:_Excessive_Wrong_Password_Entry_Attempts|password unlock procedure]].
* '''How to safely use sudo/root?''' See the [[root|Safely Use Root Commands]], especially [[Root#Prevent_Malware_from_Sniffing_the_Root_Password|Prevent Malware from Sniffing the Root Password]].
* '''Technical rationale:''' See [[Dev/Strong_Linux_User_Account_Isolation|Strong Linux User Account Isolation]].
* '''Forum discussion:''' [https://forums.whonix.org/t/whonix-default-password-changeme-impact/13115 default password (changeme) impact]
= Related =
* [[Login]]
= Footnotes =
{{Footer}}
[[Category:Documentation]]