Wednesday, November 4, 2020

How to Force Users to Change Their Passwords on Linux

Posted: 04 Nov 2020 08:15 AM PST

Passwords are the keystone to account security. We'll show you how to reset passwords, set password expiration periods, and enforce password changes on your Linux network.

The Password Has Been Around for Nearly 60 Years

We've been proving to computers that we are who we say we are since the mid-1960s, when the password was first introduced. Necessity being the mother of invention, the Compatible Time-Sharing System developed at the Massachusetts Institute of Technology needed a way to identify different people on the system. It also needed to prevent people from seeing each other's files.

Fernando J. Corbató proposed a scheme that allocated a unique username to each person. To prove someone was who they said they were, they had to use a private, personal password to access their account.

The trouble with passwords is they operate just like a key. Anyone who has a key can use it. If someone finds, guesses, or figures out your password, that person can access your account. Until multi-factor authentication is universally available, the password is the only thing keeping unauthorized people (threat actors, in cybersecurity-speak) out of your system.

Remote connections made by a Secure Shell (SSH) can be configured to use SSH keys instead of passwords, and that's great. However, that's only one connection method, and it doesn't cover local logins.

Clearly, the management of passwords is vital, as is the management of the people who are using those passwords.

The Anatomy of a Password

What makes a password good, anyway? Well, a good password should have all the following attributes:

  • It's impossible to guess or figure out.
  • You haven't used it anywhere else.
  • It hasn't been involved in a data breach.

The Have I Been Pwned (HIBP) website contains over 10 billion sets of breached credentials. With figures that high, chances are someone else has used the same password as you. This means your password might be in the database, even though it wasn't your account that was breached.

If your password is on the HIBP website, it's on the password lists that threat actors' brute-force and dictionary attack tools use when they're trying to crack an account.

A truly random password (like 4HW@HpJDBr%*Wt@#b~aP) is practically invulnerable, but, of course, you'd never remember it. We highly recommend you use a password manager for online accounts. They generate complex, random passwords for all your online accounts, and you don't have to remember them—the password manager supplies the correct password for you.

For local accounts, each person has to generate his or her own password. They'll also need to know what is an acceptable password and what isn't. They'll have to be told not to reuse passwords on other accounts, and so on.

This information is usually in an organization's Password Policy. It instructs people to use a minimum number of characters, mix upper- and lowercase letters, include symbols and punctuation, and so on.

However, according to a brand-new paper from a team at Carnegie Mellon University, all of these tricks add little or nothing to the robustness of a password. Researchers found that the two key factors for password robustness are that they're at least 12 characters long and sufficiently strong. They measured password strength using a number of software cracker programs, statistical techniques, and neural networks.

A 12-character minimum might sound daunting at first. However, don't think in terms of a password, but rather, a passphrase of three or four unrelated words separated by punctuation.

For example, the Experte Password Checker said it would take 42 minutes to crack "chicago99," but 400 billion years to crack "chimney.purple.bag." It's also easy to remember and type, and contains only 18 characters.

Reviewing Current Settings

Before you go changing anything to do with a person's password, it's prudent to have a look at their current settings. With the passwd command, you can review their current settings with its -S (status) option. Note that you'll also have to use sudo with passwd if you're working with someone else's password settings.

We type the following:

sudo passwd -S mary

A single line of information is printed to the terminal window, as shown below.

Output from sudo passwd -S mary in a terminal window.

You see the following pieces of information (from left to right) in that curt response:

  • The person's login name.
  • One of the following three possible indicators appears here:
    • P: Indicates the account has a valid, working password.
    • L: Means the account has been locked by the owner of the root account.
    • NP: A password hasn't been set.
  • The date the password was last changed.
  • Minimum password age: The minimum period of time (in days) that must elapse between password resets performed by the owner of the account. The owner of the root account, however, can always change anyone's password. If this value is 0 (zero), there isn't a restriction on the frequency of password changes.
  • Maximum password age: The owner of the account is prompted to change his or her password when it reaches this age. This value is given in days, so a value of 99,999 means the password never expires.
  • Password change warning period: If a maximum password age is enforced, the account owner will receive reminders to change his or her password. The first of these will be sent the number of days shown here before the reset date.
  • Inactivity period for the password: If someone doesn't access the system for a period of time that overlaps the password reset deadline, this person's password won't be changed. This value indicates how many days the grace period is following a password expiration date. If the account remains inactive this number of days after a password expires, the account is locked. A value of -1 disables the grace period.
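The field layout above, decoded by a small script. This is an added example, not part of the original article; the sample status lines are constructed, and the alternative spellings PS/LK and the ISO date form are assumptions about what other distributions print.

```shell
#!/bin/sh
# Constructed `passwd -S` lines for illustration (not real accounts).
SAMPLE_STATUS='mary P 11/04/2020 0 45 7 -1
eric P 01/01/1970 0 99999 7 -1
tom NP 10/12/2020 0 99999 7 -1
dave L 09/30/2020 0 28 7 14'

# describe_status LINE -> prints "user|state|max-age|notes"
# The body runs in a subshell, so its variables stay local.
describe_status() (
  read -r user state changed min max warn inactive <<EOF
$1
EOF
  notes=""
  case "$state" in
    P|PS) state="password set" ;;   # PS/LK: assumed alternative spellings
    L|LK) state="locked" ;;
    NP)   state="no password"; notes="no-password-set" ;;
    *)    state="unknown" ;;
  esac
  # passwd -e resets the last-change date to the first day of 1970
  case "$changed" in
    01/01/1970|1970-01-01) notes="${notes:+$notes,}must-change-at-next-login" ;;
  esac
  # 99999 days is the "never expires" value
  if [ "$max" = "99999" ]; then max="never"; else max="${max}d"; fi
  # -1 disables the grace period; any other value locks the account that
  # many days after the password expires
  if [ -n "$inactive" ] && [ "$inactive" != "-1" ]; then
    notes="${notes:+$notes,}locks-${inactive}d-after-expiry"
  fi
  printf '%s|%s|%s|%s\n' "$user" "$state" "$max" "${notes:-none}"
)

# describe_all: status lines on stdin -> one report line per account
describe_all() {
  while IFS= read -r line; do
    if [ -n "$line" ]; then describe_status "$line"; fi
  done
}

printf '%s\n' "$SAMPLE_STATUS" | describe_all
```

On a live system, feed it real data with `sudo passwd -S mary | describe_all`.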

Setting a Maximum Password Age

To set a password reset period, you can use the -x (maximum days) option with a number of days. You don't leave a space between the -x and the digits, so you would type it as follows:

sudo passwd -x45 mary

We're told the expiry value has been changed, as shown below.

Notification of the password expiry change in a terminal window.

Use the -S (status) option to check that the value is now 45:

sudo passwd -S mary

Now, in 45 days, a new password must be set for this account. Reminders will commence seven days prior to that. If a new password isn't set in time, this account will be locked immediately.

Enforcing an Immediate Password Change

You can also use a command so others on your network will have to change their passwords the next time they log in. To do this, you would use the -e (expire) option, as follows:

sudo passwd -e mary

We're then told the password expiry information has changed.

Output from sudo passwd -e mary in a terminal window.

Let's check with the -S option and see what's happened:

sudo passwd -S mary

The date of the last password change is set to the first day of 1970. The next time this person tries to log in, he or she will have to change their password. They must also provide their current password before they can type a new one.

The Password Reset screen.

Should You Enforce Password Changes?

Forcing people to change their passwords regularly used to be common sense. It was one of the routine security steps for most installations and considered a good business practice.

The thinking now is the polar opposite. In the U.K., the National Cyber Security Centre strongly advises against enforcing regular password renewals, and the National Institute of Standards and Technology in the U.S. agrees. Both organizations recommend enforcing a password change only if you know or suspect an existing one is known by others.

Forcing people to change their passwords becomes monotonous and encourages weak passwords. People usually start reusing a base password with a date or other number tagged onto it. Or, they'll write them down because they have to change them so often, they can't remember them.

The two organizations we mentioned above recommend the following guidelines for password security:

  • Use a password manager: For both online and local accounts.
  • Turn on two-factor authentication: Wherever this is an option, use it.
  • Use a strong passphrase: An excellent alternative for those accounts that won't work with a password manager. Three or more words separated by punctuation or symbols is a good template to follow.
  • Never reuse a password: Avoid using the same password you use for another account, and definitely don't use one listed on Have I Been Pwned.

The tips above will allow you to establish a secure means to access your accounts. Once you have these guidelines in place, stick with them. Why change your password if it's strong and secure? If it falls into the wrong hands—or you suspect that it has—you can change it then.

Sometimes, this decision is out of your hands, though. If the powers that be enforce password changes, you don't have much choice. You can plead your case and make your position known, but unless you're the boss, you'll have to follow company policy.

The chage Command

You can use the chage command to change the settings regarding password aging. This command gets its name from "change aging." It's like the passwd command with the password-creation elements removed.

The -l (list) option presents the same information as the passwd -S command, but in a more friendly fashion.

We type the following:

sudo chage -l eric

Another neat touch is you can set an account expiration date using the -E (expiry) option. We'll pass a date (in the year-month-day format) to set an expiration date of Nov. 30, 2020. On that date, the account will be locked.

We type the following:

sudo chage eric -E 2020-11-30

Next, we type the following to make sure this change has been done:

sudo chage -l eric

We see the account expiration date has changed from "never" to Nov. 30, 2020.

To set a password expiration period, you can use the -M (maximum days) option, along with the maximum number of days a password can be used before it must be changed.

We type the following:

sudo chage -M 45 mary

We type the following, using the -l (list) option, to see the effect of our command:

sudo chage -l mary

The password expiration date is now set to 45 days from the date we set it, which, as we're shown, will be Dec. 8, 2020.

Making Password Changes for Everyone on a Network

When accounts are created, a set of default values is used for passwords. You can define the defaults for the minimum, maximum, and warning days. These are held in a file called "/etc/login.defs".

You can type the following to open this file in gedit:

sudo gedit /etc/login.defs

Scroll to the password aging controls.

The password aging controls in the gedit editor.

You can edit these to suit your requirements, save your changes, and then close the editor. The next time you create a user account, these default values will be applied.

If you want to change all the password expiration dates for existing user accounts, you can easily do so with a script. Just type the following to open the gedit editor and create a file called "password-date.sh":

sudo gedit password-date.sh

Next, copy the following text into your editor, save the file, and then close gedit:

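#!/bin/bash

reset_days=28

# Every directory in /home is treated as the name of a user account
for home_dir in /home/*/
do
  username=$(basename "$home_dir")
  # Skip directories, such as lost+found, that don't belong to an account
  id "$username" > /dev/null 2>&1 || continue
  sudo chage -M "$reset_days" "$username"
  echo "$username password expiry changed to $reset_days"
done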

This will change the maximum number of days for each user account to 28, and therefore, the password reset frequency. You can adjust the value of the reset_days variable to suit.

First, we type the following to make our script executable:

chmod +x password-date.sh

Now, we can type the following to run our script:

sudo ./password-date.sh

Each account is then processed, as shown below.

Four user accounts with password expiry values changed to 28 in a terminal window.

We type the following to check the account for "mary":

sudo chage -l mary

The maximum days' value has been set to 28, and we're told that will fall on Nov. 21, 2020. You can also easily modify the script and add more chage or passwd commands.
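Listing /home misses accounts whose home directory lives elsewhere and picks up service accounts that happen to have one there. The following added example (not part of the original article) selects accounts from the passwd database by UID range and login shell instead, and prints the chage commands for review rather than running them. The sample passwd lines and the 1000 to 60000 range are constructed assumptions; UID_MIN and UID_MAX can be read from /etc/login.defs with the login_def helper.

```shell
#!/bin/sh
# Constructed passwd(5) lines for the example; on a real host use `getent passwd`.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
mary:x:1000:1000:Mary:/home/mary:/bin/bash
eric:x:1001:1001:Eric:/srv/eric:/bin/zsh
backup-svc:x:1002:1002::/home/backup-svc:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin'

# login_def KEY FILE -> value of KEY in a login.defs-style file (empty if unset)
# e.g. uid_min=$(login_def UID_MIN /etc/login.defs)
login_def() {
  awk -v key="$1" '$1 == key { print $2; exit }' "$2"
}

# human_accounts MIN MAX: passwd lines on stdin -> login names whose UID is
# within [MIN, MAX] and whose shell permits logins
human_accounts() {
  awk -F: -v min="$1" -v max="$2" '
    $3 >= min && $3 <= max && $7 !~ /(nologin|false)$/ { print $1 }'
}

# plan_chage DAYS: login names on stdin -> the chage commands to review or run
plan_chage() {
  while IFS= read -r name; do
    printf 'chage -M %s %s\n' "$1" "$name"
  done
}

# Dry run over the constructed sample: eric (home outside /home) is included,
# backup-svc (home inside /home, but no login shell) is not.
printf '%s\n' "$SAMPLE_PASSWD" | human_accounts 1000 60000 | plan_chage 28
```

To apply the plan on a real system, replace the sample with `getent passwd` and pipe the reviewed output to `sudo sh`.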


Password management is something that must be taken seriously. Now, you have the tools you need to take control.

How to Add Folder Shortcuts to the Start Menu’s Left Sidebar on Windows 10

Posted: 04 Nov 2020 07:04 AM PST

The Windows 10 Start menu includes a handy list of shortcuts to common locations (such as Pictures, Downloads, Settings) in a tiny sidebar. Using Settings, you can customize which shortcuts appear there. Here's how to do it.

First, launch "Settings" by opening the "Start" menu and clicking the "Gear" icon (or by pressing Windows+I). This gear icon for Settings is an example of one of the shortcuts we'll be customizing.

In Settings, click "Personalization."

In Personalization, select "Start" from the sidebar.

In Start settings, scroll to the bottom of the window and click "Choose Which Folders Appear On Start."

On the "Choose Which Folders Appear On Start" page, you'll see a long list of common folder locations and shortcuts, each one with a switch. To make one of these appear in your Start menu shortcuts sidebar, click the switch to "On." If you'd like to hide any of them, set the switch beside them to "Off."

The next time you open Start, you'll see the shortcuts you've enabled as a vertical list in the far left side of the Start menu. For example, here we've enabled all of the possible shortcuts.

The collapsed shortcut sidebar in the Windows 10 Start menu

If you don't see all of the shortcut icons you've enabled, it means your Start menu is too short. To resize it, click the top edge of the Start menu and drag it upward to make it larger. That will make more room for all of the shortcut icons.

Vertically resizing the Windows 10 Start menu

If you want to see labels for the shortcut icons, hover over the Start menu shortcut sidebar area with your pointer cursor (or click the menu button with three lines at the top of the sidebar), and the sidebar area will expand.

The expanded shortcut sidebar in the Windows 10 Start menu

When you click any of the shortcuts that lead to special folders (such as "Music," "Videos," or "Pictures"), you'll be taken directly to the proper location in Windows File Explorer. Very handy!

How to Find Latitude and Longitude in Apple Maps

Posted: 03 Nov 2020 11:06 AM PST

If you're browsing Apple Maps on an iPhone, iPad, or Mac and you'd like to figure out the latitude and longitude of a particular location, it's as easy as dropping a pin. Here's how to do it.

How to Find Latitude and Longitude in Apple Maps on iPhone and iPad

On an iPhone or iPad, first open "Apple Maps." By browsing the map, position the Maps display in the general region where you'd like to determine the latitude and longitude. It could be your current area or somewhere else.

Place your finger on the screen in the exact location whose latitude and longitude you'd like to determine. After a moment, a marker pin will drop onto that spot.

On an iPad, after the pin drops, you'll immediately see the latitude and longitude of that location in the "Marked Location" window.

Latitude and Longitude shown in Apple Maps on iPad

On the iPhone, swipe the "Marked Location" window upward until you see the latitude and longitude.

Latitude and Longitude shown in Apple Maps on iPhone

After you're done, if you want to get rid of the pin, tap the "Remove" icon (with the trash can on it). Or you can keep the pin in place and add more marker pins to other locations.

How to Find Latitude and Longitude in Apple Maps on Mac

On a Mac, open the "Apple Maps" app. Position the map in the area near the spot whose latitude and longitude you'd like to discover. Click the exact position with your mouse or touchpad and hold it for a moment until a marker pin drops onto that spot.

In the "Marked Location" bubble that appears beside the marker pin, click the "Info" button (which looks like a lowercase "i" with a circle around it).

In the larger "Marked Location" bubble that appears, you'll find the latitude and longitude of that spot just below the address.

After that, if you don't need the pin anymore, click the "Remove Pin" button located in the bubble window. Otherwise, click outside the bubble to close it, then add more pins in other locations if necessary. Wherever you go, there you are.

How to Use Virtual Backgrounds in Google Meet

Posted: 03 Nov 2020 09:50 AM PST

Google Meet is a popular video conferencing service for everything from important work meetings to hanging out with friends. Virtual backgrounds are a fun and useful feature. We'll show you how to use virtual backgrounds in your next Google Meet video call.

Virtual backgrounds are a popular feature in Zoom, but Google Meet can do it, too. At the time of writing, the feature is limited to Google Meet on the web. You can choose from a variety of preloaded backgrounds or upload your own image.

To get started, you'll need to be in a Google Meet meeting in a web browser such as Chrome. You can join a meeting or start your own.

Next, tap the three-dot menu icon in the bottom-right corner.

Select "Change Background" from the menu.

The Backgrounds menu will slide out from the right side of your screen. There are buttons for blurring your real-life background found at the top of the list.

Underneath those buttons are the preloaded virtual background images. Simply click one to use it.

To use your own photo, click the "+" button.

A file manager window will open for you to find an image located on your computer to use. We recommend using a JPG or PNG with a 1920x1080p resolution.

Now the image will be displayed as your background! Tap the "X" in the top-right corner to leave the Backgrounds menu.

That's it! Use these tools to jazz up your work meetings or have some fun with friends.

