short password and remote access security

[re4397]

I want to know if I use a short password example "0909" on my linuxmint instalation, I will have the chance to have my computer accessed remotely by some intruder?

[Cosmo.]

Yes.

The shorter the password, the lesser time is needed to find it out.

[norm.h]

I found http://www.passwordmeter.com/ very handy when compiling passwords. It points out where the weak bits are
Use a mix of upper and lower case characters, numbers and symbols.
To help me remember I use things like car numbers then adding symbols, such as this example [not one of my real passwords]
OT59_rsp% which my link says is 90% and very strong. Not infallible but a good guide.

[Pjotr]

Secure passwords are long passwords. Forget about using special symbols and other superfluous complications:
https://sites.google.com/site/easylinux ... t/password

[re4397]

linux need a pin to be moreeasy to login all times

[Pjotr]

linux need a pin to be moreeasy to login all times

Pin is much too short, so much too insecure.

[re4397]

linux need a pin to be moreeasy to login all times

Pin is much too short, so much too insecure.

Not if the system have a password for remote access and a pin just for physical login

[Cosmo.]

If you mean with PIN a 4 digit number: Far too short. That password aka PIN is also the key to get full control over the complete system. It is not only a matter of login in.

[re4397]

sorry I do not have a good english. But i want somthing like windows 10 pin

[karlchen]

Even a 4 digits PIN can be pretty safe, provided you strictly limit the number of failed tries to 3, after which - 3rd failed attempt at guessing the PIN - the account gets locked and can only be unlocked with root privileges.
As long as users permit an unlimited number of failed login attempts even the longest password can be broken in the end, because you have got all the time in the world to go on trying ...

[re4397]

Even a 4 digits PIN can be pretty safe, provided you strictly limit the number of failed tries to 3, after which - 3rd failed attempt at guessing the PIN - the account gets locked and can only be unlocked with root privileges.
As long as users permit an unlimited number of failed login attempts even the longest password can be broken in the end, because you have got all the time in the world to go on trying ...

How can i configure this?

[Cosmo.]

The old wisdom: Linux is not Windows, especially if it goes about security.

Besides that: Assumed there would be 2 passwords, one for login in (aka PIN) and one for system tasks: We see already now a number of problems, because users have forgotten their password; this happens especially for those users, who use auto-login (btw, why don't you use that?). With dividing the current password request into 2 I predict, that the number of those users will grow quickly.

[Termy]

Secure passwords are long passwords. Forget about using special symbols and other superfluous complications:
https://sites.google.com/site/easylinux ... t/password

You can have a nice big 4096-character password, but if it's just a long string of dictionary words, digits, or uppwer-case letters, it's going to be easy as pie to crack. Brute forcing passwords can be an easy task, but a matter of time. The more varied and longer the password, the longer it will take for a machine to crack; this is why just about everywhere you go, you'll be advised to have a varied password of at least a certain length. But don't just take my word for it; try it yourself.

[Pjotr]

Secure passwords are long passwords. Forget about using special symbols and other superfluous complications:
https://sites.google.com/site/easylinux ... t/password

You can have a nice big 4096-character password, but if it's just a long string of dictionary words, digits, or uppwer-case letters, it's going to be easy as pie to crack. Brute forcing passwords can be an easy task, but a matter of time. The more varied and longer the password, the longer it will take for a machine to crack; this is why just about everywhere you go, you'll be advised to have a varied password of at least a certain length. But don't just take my word for it; try it yourself.

Did you read the link in my previous message?

[re4397]

I just want that the linuxmint communit add a option to use a pin code to login the system and stay with the root and users passwords. Like windows 10

[Termy]

I just want that the linuxmint communit add a option to use a pin code to login the system and stay with the root and users passwords. Like windows 10

I appreciate that, but that would be insanely unsafe. Linux is not Windows, for very good reasons, security being one of them. Windows being a big target isn't the only reason it gets mashed so much by hackers. Still, it's Linux, so if you really wanted to, you could log in as root and never be asked for a password. lol It would be foolish though, at least IMO and the opinion of many a Linux user.

[Cosmo.]

I just want that the linuxmint communit add a option to use a pin code to login the system and stay with the root and users passwords. Like windows 10

In this case you are in the wrong board, as this not a support question, but a suggestion. A suggestion, which I would disagree out of the reasons, which I already gave.