How to Change User Passwords in Debian 12 Bookworm System

Learn how to change user passwords in Debian 12 Bookworm system.
by İbrahim Korucuoğlu ( @siberoloji) |
Tags:
Categories:

  4 minute read  

Managing user passwords is a fundamental task for system administrators and users alike. Whether you need to update your own password or reset another user’s credentials, Debian 12 Bookworm provides multiple ways to accomplish this securely and efficiently. In this guide, we will explore different methods to change passwords, covering both command-line approaches and graphical interfaces.

Understanding User Password Management in Debian

In Debian, passwords are managed through the Pluggable Authentication Module (PAM) system, which ensures secure authentication. Passwords are stored in an encrypted format within the /etc/shadow file. Only users with root or sudo privileges can modify passwords for other users.

Changing Your Own Password

If you want to change your own password, follow these steps:

Using the passwd Command

  1. Open a terminal by pressing Ctrl + Alt + T or accessing it through your system’s menu.

  2. Type the following command and press Enter:

    passwd

  3. You will be prompted to enter your current password. Type it carefully and press Enter.

  4. Next, enter your new password. Ensure it meets security requirements (at least 8 characters, with a mix of letters, numbers, and symbols).

  5. Retype the new password to confirm it.

  6. If the passwords match, you will receive a message indicating the update was successful.

Changing Another User’s Password

If you are a system administrator or have sudo privileges, you can change another user’s password using the following method:

Using the passwd Command as Root or via Sudo

  1. Open a terminal.

  2. If you are logged in as root, you can directly change another user’s password with:

    passwd username

    Replace username with the actual user’s name.

  3. If you are a sudo user, use:

    sudo passwd username

  4. You will be prompted to enter a new password for the user.

  5. Retype the new password to confirm.

  6. A success message will appear if the change was successful.

Enforcing Password Policies

To maintain security, you can enforce password policies to require strong passwords.

Checking Current Password Policies

Debian 12 uses PAM (Pluggable Authentication Modules) and libpam-pwquality for password policies. You can check the policy settings by inspecting:

sudo nano /etc/security/pwquality.conf

Key parameters include:

  • minlen=8 (Minimum length of passwords)
  • dcredit=-1 (At least one digit required)
  • ucredit=-1 (At least one uppercase letter required)
  • lcredit=-1 (At least one lowercase letter required)
  • ocredit=-1 (At least one special character required)

Adjust these values as needed to strengthen security.

Forcing Password Expiration

To ensure users change their passwords regularly, use:

sudo chage -M 90 username

This forces the user to change their password every 90 days.

You can check a user’s password expiry settings with:

sudo chage -l username

Resetting a Forgotten Password

If a user forgets their password, you can reset it using one of the following methods:

Reset via Terminal (Root or Sudo)

  1. Log in as root or a sudo user.

  2. Use the passwd command:

    sudo passwd username

  3. Enter the new password and confirm it.

  4. The password will be reset instantly.

Reset via Recovery Mode

If the user cannot log in, you can reset the password through Recovery Mode:

  1. Reboot the system and hold Shift during startup to access the GRUB menu.

  2. Select Advanced options for Debian.

  3. Choose Recovery Mode.

  4. Select Root – Drop to root shell prompt.

  5. Mount the root filesystem as writable:

    mount -o remount,rw /

  6. Change the user password:

    passwd username

  7. Reboot the system:

    reboot

Changing Passwords Using a Graphical Interface

If you prefer a GUI-based approach, follow these steps:

  1. Open Settings from the application menu.
  2. Navigate to Users.
  3. Click on the user for whom you want to change the password.
  4. Click the Password field and enter a new password.
  5. Confirm and save the changes.

Troubleshooting Password Issues

1. Error: Password Complexity Not Met

  • Ensure the new password meets the system’s complexity requirements.
  • Modify /etc/security/pwquality.conf if needed.

2. Error: Authentication Token Manipulation Error

  • Try running:

    sudo passwd username

  • Ensure the /etc/shadow file is not corrupted.

3. Forgot the Root Password

  • Use Recovery Mode as described earlier.

Conclusion

Managing passwords in Debian 12 Bookworm is a straightforward process with multiple methods available, including command-line and graphical tools. By following best practices such as enforcing strong passwords and implementing expiration policies, you can enhance system security and maintain efficient user management. Whether you’re an individual user or a system administrator, mastering these techniques will help you keep your Debian system secure and user-friendly.


< How to Add a User to the Sudoers File in Debian 12 Bookworm SystemHow to Switch Users on the Debian 12 Bookworm System >