2

I have a laptop on which I'm the only user. While installing the laptop I was wondering why I should choose a different password for the root account and user account. My reasoning is:

  • The chance of finding a valid password doubles if the user and root have different passwords. Of course the salting algorithms make sure that the same password will result in different hashes, but still, if one starts to guess passwords, it increases the chance of finding a good one.
  • The user has sudo rights, so if a hacker finds the user password it can sudo and have the same powers as root. More or less the same is true if the root account is hacked.
  • I have disabled the ssh service on this laptop. There are no other ways to login from remote on this machine.
  • The filesystem is encrypted with a different password.

What are the flaws in my thought process?

  • 2
    If sudo gives you all the privileges, then having separate accounts is useless. Otherwise, if you separate the privileges, it *does* make sense to have a separate root account and it's actually a more secure setup IMO. – reed Nov 27 '20 at 11:53
  • And, in most distributions, the root user's password is not set by default. You need to set it with `sudo passwd root`. You can do all actions with `sudo`, no need for the root. – kelalaka Nov 27 '20 at 14:19
  • @kelalaka I know about the option of not setting the root password. The only risk I see is when somehow you made an error in your profile config or the shell breaks. Then you couldn't log in as a normal user anymore. With a root account with a system default shell and no profile config you could still log in and rescue your account. – Martijn de Munnik Nov 28 '20 at 09:42
  • @reed, I agree, but like mentioned in the answer of Conor Mancone (and the xkcd comic) the most important thing to protect on your laptop is personal data. Having a sudo setup with restricted privileges doesn't add any more protection to personal data. – Martijn de Munnik Nov 28 '20 at 09:47
  • @reed For `sudo` to be able to give you the privileges of an account, you need that account to exist. I think you mean being able to log in to multiple accounts is pointless if you’re using `sudo` correctly. – Austin Hemmelgarn Nov 28 '20 at 17:32
  • For my money, a general sudo (allowing anything as root) is a security problem. The password than the one I use every day to log in, unlock screensaver, etc., which has greater chance of shoulder surfing (to take one example), should not be able to get to root. –  Dec 01 '20 at 05:59

2 Answers

1

It's all about your own personal risk tolerance and your threat model. In short, you are worried about someone who is physically in possession of your laptop and has guessed your user password, and you want to keep them from having full admin rights. I'm having a hard time coming up with a scenario where that may actually happen, so I can't help but think that you are overthinking this. Moreover, for most personal computers, the user account is typically more critical than admin access:

https://xkcd.com/1200/

Then again, remembering two passwords isn't much harder than memorizing one, so go for it if you want. Just make sure you have a way to copy your data off the machine without needing admin credentials - you'll want to do that if you ever forget your admin credentials and need to reinstall.

Still, I might suggest an alternate solution:

Use a strong password and don't tell it to anyone

Conor Mancone
  • Thank you for your reply. I'm not too worried about admin rights like mentioned in the xkcd comic but more about personal data. In my case I have a different password for disk encryption, so if I cannot log in to my system I can move the disk to another system and mount it with that password. Main question is if it is more insecure to have two accounts with different passwords on a system (one being root) instead of two accounts with the same password? – Martijn de Munnik Nov 28 '20 at 09:51
  • Maybe the best option is to disable login for root altogether like @kelalaka mentioned, and in the unlikely event of locking yourself out you can place your disk in another system and repair your system. – Martijn de Munnik Nov 28 '20 at 09:53
0

Here are some reasons why it may make sense to have different passwords for user and for root.

  1. I suppose you are using the normal user account much more often than the root account. If you log in in some public places as normal user, then the probability that somebody sees your password is much higher than the probability to see your root password. Then, if in doubt, you just change your user password, but you can keep the root password. Also if you use your laptop often in public places, you may want to change password regularly, let's say every 3 months. Again, in such cases it will not be needed to change also the root password. Thus it may well make sense to have different passwords.

  2. If you gave your user in sudo unlimited rights, then having 2 different passwords doesn't help. But if you limited sudo rights to some operations only, then leakage of your user's password is not as dangerous as leaking the root password. Thus it may well make sense to have different passwords.

mentallurg
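The distinction drawn in point 2 above (unlimited versus restricted sudo rights) and the comment that root's password is unset by default can both be checked on a system. The following is an added example, not part of any post on this page: it reads a constructed sudoers file and a constructed shadow file, using a simplified sudoers grammar (no aliases or include directives) and hypothetical account names.

```python
import re

# Constructed sample files; account names and rules are illustrative.
SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
backup  ALL=(root) /usr/bin/rsync, /usr/bin/systemctl restart backup.service
"""
SHADOW = """\
root:!:18593:0:99999:7:::
alice:$6$constructedsalt$constructedhash:18593:0:99999:7:::
"""

# user host = (runas) [TAG:] cmd, cmd ...   (simplified sudoers grammar)
RULE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*(?:\(([^)]*)\)\s*)?(.+)$")
TAGS = re.compile(r"^(?:[A-Z_]+:\s*)+")

def full_root_grants(sudoers_text):
    """Map each principal that may run ANY command as root to whether
    sudo still asks for that principal's own password."""
    grants = {}
    for line in sudoers_text.splitlines():
        line = line.strip()
        # Assumption: no aliases or include directives; skip non-rule lines.
        if not line or line[0] in "#@" or line.startswith("Defaults"):
            continue
        m = RULE.match(line)
        if not m or m.group(1) == "root":
            continue
        who, runas, spec = m.groups()
        runas_users = (runas or "root").split(":")[0].replace(",", " ").split()
        cmds = [TAGS.sub("", c.strip()) for c in spec.split(",")]
        if "ALL" in cmds and {"ALL", "root"} & set(runas_users):
            grants[who] = "NOPASSWD:" not in spec
    return grants

def root_password_locked(shadow_text):
    """True if root's hash field starts with '!' or '*' (no password login)."""
    for entry in shadow_text.splitlines():
        fields = entry.split(":")
        if fields[0] == "root" and len(fields) > 1:
            return fields[1].startswith(("!", "*"))
    return False

if __name__ == "__main__":
    for who, asks in full_root_grants(SUDOERS).items():
        print(f"{who}: equivalent to root, password prompt={asks}")
    print("root password locked:", root_password_locked(SHADOW))
```

Any principal this reports holds root-equivalent access through its own password, so a separate root password adds nothing for that account; the `backup` rule is the restricted case where it does.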