Password Requirements

A program/web page/os shouldn't be telling me what my password has to be. I can decide on my own what I want my password to be. If I want my password super simple there is probably a reason. Example: Setting up a laptop for my 7yo to do schoolwork on.

I picked Zorin because it looked like it ran somewhat like Windows which would make it simple for my son to use since he knows windows well enough to get around. I don't want to get up every morning just to input a password and I also don't want to put one in every time he gets distracted and lets the computer fall asleep. I can turn of the sleep function but I prefer having it on so it isn't just running nonstop. I can't even put in his name as a mix of letters and numbers because it tells me it is a common word. (See Attachment)

I know I can go into Terminal and run $ passwd and change it by force (Which is what I had to do) but this shouldn't have to be done. If there is a setting to change the password it shouldn't limit what the password is. This is something that should be changed or if I can't decide what my password is just don't give the option to change it. I know it was set up that way for the "Standard user" but simply letting them know they have a weak password should be enough the requirement just seems insulting as though they are too stupid to decide what their password is.

Hopefully this askubuntu thread might help:

https://askubuntu.com/questions/180402/ ... ntu#180428

centartech wrote:A program/web page/os shouldn't be telling me what my password has to be. I can decide on my own what I want my password to be. If I want my password super simple there is probably a reason. Example: Setting up a laptop for my 7yo to do schoolwork on.

I picked Zorin because it looked like it ran somewhat like Windows which would make it simple for my son to use since he knows windows well enough to get around. I don't want to get up every morning just to input a password and I also don't want to put one in every time he gets distracted and lets the computer fall asleep. I can turn of the sleep function but I prefer having it on so it isn't just running nonstop. I can't even put in his name as a mix of letters and numbers because it tells me it is a common word. (See Attachment)

I know I can go into Terminal and run $ passwd and change it by force (Which is what I had to do) but this shouldn't have to be done. If there is a setting to change the password it shouldn't limit what the password is. This is something that should be changed or if I can't decide what my password is just don't give the option to change it. I know it was set up that way for the "Standard user" but simply letting them know they have a weak password should be enough the requirement just seems insulting as though they are too stupid to decide what their password is.

This really is one of the first shocks to people who are used to Windows when they try out a Linux Distro: That Linux is built more secure.

I did not actually open Swarfendors link to see what it is, I just bumbled in and started writing a post... But I assume it is a link explaining how to set up automatic login.
IF it's not then: There is such a thing as automatic login.

Instead, I would like to focus on the first statement: Security.
Anything installing to root requires a password. Same as Android on ARM, actually, but unlike droid, with Linux you have full access and control over root right off the bat. And while the droid has an assigned auto-login, you can have that here; Windows has neither. Installing toa windows machine can by done by anyone at any time from anywhere. I don't really need to go into detail as to what that means.
This layer of security ensuring User Control Only is often a shock to users unfamiliar with it and is also one of Linux's strongest points.
Passwords can be made simple. I have one that is just hitting the enter key and another that is two letters only. These machines do not connect to the net so...
BUT I do recall changing one once instead of using the one I set up at installation and the Ubuntu PW changer gave me much more strict PW requirements that the installation set up did not... I never did that again...
My son enters his own on an as needed basis. I taught him how it works and explained how a user can mess up root. He nodded his head and put his earbuds back in.
Over the course of nine months, he has messed up root:
0 times.
Over the course of nine months, I have messed up root:
Probably about fifty times...

Swarfendor437 wrote:Hopefully this askubuntu thread might help:

https://askubuntu.com/questions/180402/ ... ntu#180428

As stated in the post that is what I did. The issue is more that the option to change the pasword is there but then it wont allow the change if it isnt up to the standards of the OS.

Aravisian wrote:This really is one of the first shocks to people who are used to Windows when they try out a Linux Distro: That Linux is built more secure.

The issue isnt requiring a password. I am fine with that. The issue is the password requiremnt that it has to be a certain length or have certain characters. I know Linux I have been using it since Redhat 9 back in '03. I have never set up for simplicity though like with my 7yo. I could use a super secure pasword but it would have to be written down for him to access the computer on his own. I am merely pointing out that a password having a strength requirement doesnt make sense if you are trying to make a user friendly interface. That's why I posted this in feedback. It isnt problematic in a way it makes the OS unuseable it is only problematic because if you want a simple pasword and know nothing outside of Windows it would be annoying and not make you want to use the distro. I have used it enough to admit it is a fine tuned and well made distro but I think they are shooting for non linux users over those that know it.

centartech wrote:

Aravisian wrote:This really is one of the first shocks to people who are used to Windows when they try out a Linux Distro: That Linux is built more secure.

The issue isnt requiring a password. I am fine with that. The issue is the password requiremnt that it has to be a certain length or have certain characters. I know Linux I have been using it since Redhat 9 back in '03. I have never set up for simplicity though like with my 7yo. I could use a super secure pasword but it would have to be written down for him to access the computer on his own. I am merely pointing out that a password having a strength requirement doesnt make sense if you are trying to make a user friendly interface. That's why I posted this in feedback. It isnt problematic in a way it makes the OS unuseable it is only problematic because if you want a simple pasword and know nothing outside of Windows it would be annoying and not make you want to use the distro. I have used it enough to admit it is a fine tuned and well made distro but I think they are shooting for non linux users over those that know it.

It is an Ubuntu Feature so will be found in all Ubuntu derivatives.
I also ran into the trouble you just discovered when I went to change the password. It was quite unexpected.
There is a fix, though:
Open a terminal and enter in

Code:

sudo nano /etc/pam.d/common-password

This is where that requirement is stored.
Scroll down to the following line:

Code:

password     [success=1 default=ignore]    pam_unix.so obscure sha512

Should be near the top.

To remove the 'complixity' requirement, delete the word "obscure". To set the minimum number of characters needed, add the following to the end of tha tline

Code:

minlen=4

That number 4 I used as an example can be any number you want.
You can make it minlen=2 if you like.
So the result should look like

Code:

password     [success=1 default=ignore]    pam_unix.so sha512 minlen=4

Save and exit. Then try your password change.

Please let us know if this helps.