How To Change Passwords in Linux

Change Passwords in Linux
(Image credit: Tom's Hardware)

Passwords are one of the most important aspects of computing. They keep our bank accounts, user profiles and computers safe (as long as we don’t reuse passwords). Just to log into our computers, most of us need a password and, for Linux, this is even more important.

Managing passwords via the terminal is relatively simple. Users can change their own passwords and users belonging to the sudo (super user) account can administrate the passwords of other users.

In this how-to we’ll learn the basics of passwd, a command designed to manage passwords. We will also learn a few advanced arguments for this command, arguments which will enhance its use and make our lives easier.

These commands will work on most Linux machines. Our test PC ran Kubuntu 21.10 but you can also run through this how-to on a Raspberry Pi. All of the how-to is performed via the Terminal.

How to Change your Password in Linux

Any user can change their password at any time. It is good practice to frequently change your password, and to not reuse or rotate passwords.

1. Open a terminal.

2. Type in the passwd command to start the password change process. Passwd may look like a spelling mistake, but it is the command to work with passwords on the terminal.

$ passwd

3. Type in your current password and press Enter.

4. Type in your new password, press Enter. Then type it in again to confirm that it is correct. Note that Linux will not echo (print) the password to the screen, nor will it show any asterisk indicating password length.

(Image credit: Tom's Hardware)

Change Another User's Password

If you are an administrator of many users, there will come a time where a user forgets their password and it will fall to you, or someone with sudo privileges to reset their password.

To change another user's password we use the same command, but specify the user’s name.

1. Open a terminal.

2. Type in the passwd command along with the user name. To use this command you will either need to be root, or be part of the “sudo” group. In the code example we assume that you are in the sudo group.

3. Change the user’s password, and confirm the change.

(Image credit: Tom's Hardware)

Force a Password Reset

You’ve heard that one of your users has been reusing their passwords; this is bad. So let’s give them a chance to change their password. Using the -e argument we can enforce a password reset by expiring their password.

1. Open a terminal.

2. Type in the command and pass the -e argument to expire Tom’s password.

$ sudo passwd -e tom

When Tom next logs in, the system will force Tom to change their password. Here we have simulated Tom logging in by using the “su” command to switch our user to Tom.

(Image credit: Tom's Hardware)

There may come a time when a user account will need to be temporarily locked, preventing them from logging in. For this we can use the -l argument to lock the account. Here we are locking Tom out of their account.

1. Open a terminal.

2. Use the command with the -l argument to lock Tom’s account.

$ sudo passwd -l tom

(Image credit: Tom's Hardware)

When Tom next tries to login, their password is rejected and they receive an authentication error. Here we again simulate it using su to switch users.

(Image credit: Tom's Hardware)

3. To unlock Tom’s account we use the -u switch.

$ sudo passwd -u tom

(Image credit: Tom's Hardware)

Exploring the passwd Command

The passwd command has a number of useful arguments (parameters) that we can pass when using the command. Here are some examples.

Checking the status of a user’s password is a useful tool for system administrators when it comes to audits and housekeeping. Here our test account, Tom, is audited.

Open a terminal and run the command with the -S switch. This will show the status of the account.

$ sudo passwd -S tom

(Image credit: Tom's Hardware)

The output is formatted to show

The username

Password status Locked (L), No Password (NP), Password (P)

Date of last password change

Minimum password age

Maximum password age

Warning period (the number of days given to the user to change their password before it expires)

Inactivity period (number of days after a password expires before it is locked)

If we wanted to set  the number of days for Tom’s warning period to 14 days, we would use this command.

sudo passwd -w 14 tom

(Image credit: Tom's Hardware)

If you want to list the password status for all users, then the -a switch is just the thing. This switch is used with -S to list the status of every user, even the users that you never knew existed. These extra users are used for specific tasks, such as printers and networking.

(Image credit: Tom's Hardware)

Here we can see all the users on our test machine, but the two “real” users are Les and Tom.

Les Pounder

Les Pounder is an associate editor at Tom's Hardware. He is a creative technologist and for seven years has created projects to educate and inspire minds both young and old. He has worked with the Raspberry Pi Foundation to write and deliver their teacher training program "Picademy".

  • PercyThePenguin
    There are two lesser known commands: chpasswd and chgpasswd which are useful for batch changing passwords since passwords are supplied to them via a text file piped to stdin