During setup of my Ubuntu systems, after installing the system offline, I open a text file and change my sudo password by typing it into the text file and pasting it afterwards, so that I don't lock myself out by accident. My passwords are 20 characters long and have special characters and everything. So my question is whether this behaviour is a vulnerability as soon as the system goes online. Because of the password length, I tend to fail quite often when typing it in blind, so I type it into a text file and then paste it into the terminal, also when I am online.

I was thinking that if someone had gained access to my system, it would make no difference whether I type the password in by keyboard or first type it into a text document and then copy-paste it. Please correct me if I am wrong.

1 Answer

You're correct that if you were compromised an attacker could potentially still capture your password regardless of whether you typed it into a notepad or just into the password prompt. The issue here is that writing it into a text program may write it to disk, allowing it to be retrieved later. Writing it into the prompt should only write it into memory.

For ease of use I'd suggest using a password management tool such as KeePass or 1Password. There are many out there, but they can save your passwords and also generate random passwords for you.

theterribletrivium
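
An added example, not part of the answer above: a Python check for the risk the answer describes, a password typed into an editor ending up in a file on disk. It searches a directory tree for files containing the password, reading it with `getpass` so the check itself does not store it; the function names and the default search root are assumptions of this example.

```python
import getpass
import os
import sys

CHUNK = 1 << 20  # read files 1 MiB at a time


def file_contains(path, needle, chunk=CHUNK):
    """Return True if the byte string `needle` occurs anywhere in the file."""
    tail = b""
    try:
        with open(path, "rb") as fh:
            while True:
                block = fh.read(chunk)
                if not block:
                    return False
                if needle in tail + block:
                    return True
                # Keep the last len(needle)-1 bytes so a match that is
                # split across two reads is still found.
                keep = len(needle) - 1
                tail = (tail + block)[-keep:] if keep else b""
    except OSError:
        return False  # unreadable file: skip it


def find_secret(root, secret):
    """List regular files under `root` that contain `secret` as UTF-8 text."""
    if not secret:
        raise ValueError("empty secret would match every file")
    needle = secret.encode("utf-8")
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks, sockets, FIFOs
            if file_contains(path, needle):
                hits.append(path)
    return sorted(hits)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    pw = getpass.getpass("Password to search for (not echoed): ")
    for hit in find_secret(root, pw):
        print(hit)
```

This only finds the password where it still sits as plain UTF-8 in an existing file; it does not look at deleted file contents or swap space.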