{{Header}}
{{Title|
title={{project_name_short}} Default Passwords
}}
{{#seo:
|description=Information about {{project_name_short}} default user and passwords.
|image=Password2781614640.jpg
}}
{{passwords_mininav}}
[[File:Password2781614640.jpg|thumb]]
{{intro|
Information about {{project_name_short}} default user and passwords.
}}

= Introduction =

On this page we discuss default passwords for {{project_name_short}} and offer guidance and answers to common questions.

= Default Passwords for {{project_name_short}} =

== Current Version ==
Starting from build version <code>17.2.0.7</code> and above have these default settings:

{{Default_Passwords}}

Users can [[Post_Install_Advice#Change_Passwords|change or set a password]] for security reasons if this is useful in their case based on this [[Default_Passwords#Information|Information]].

For troubleshooting, refer to [[Post_Install_Advice#Change_Keyboard_Layout|Change Keyboard Layout]] and [[Post_Install_Advice#Test_Keyboard_Layout|Test Keyboard Layout]].

== Old Versions before 17.2.0.7 ==

Build versions older than <code>17.2.0.7</code> had these default settings:

{{mbox
| image   = [[File:Ambox_notice.png|40px|alt={{project_name_short}} default admin password is: changeme]]
| text    =
* '''Default username:''' {{CodeSelect|code=user}}
* '''Default password:''' {{CodeSelect|code=changeme}}
}}

This was changed in newer versions. See above [[#Current_Version]].

Default passwords in old build versions remain unchanged.

= Information / FAQ =

{{Collapsible
|title='''Definitions to understand topics below'''
|smallTitle=true
|content=
* '''Single-user system:''' A single-user system is defined here as a computer that has only one human user.
* '''Multi-user system:''' A multi-user system is defined here as a shared computer that has different multiple human users.
* '''User account password:''' A password for a Linux user account such as user <code>user</code>. This is used for [[Login]] into [[Desktop#Virtual_Consoles|Virtual Consoles]], graphical login manager (such as LightDM) as well as for administrative ("[[root]]") rights authentication.
* '''Disk encryption password:''' A password required early during the boot process ("pre-boot") to decrypt the hard drive.
}}

'''Importance of setting a user account password:'''
* '''For single-user systems:''' Not important.
* '''For multi-user systems:''' Important.

'''Advantage of setting a user account password:'''
* [[Protection_Against_Physical_Attacks#Login_Screen|Login Screen]] password protection.
* [[Protection_Against_Physical_Attacks#Screen_Lock|Screen Lock]] password protection.
* Administrative ("[[root]]") rights authentication. (But this is a weak protection. See [[Root#Prevent_Malware_from_Sniffing_the_Root_Password|Prevent Malware from Sniffing the Root Password]] for a safer procedure.)

'''Protect computer from unauthorized access:'''
* '''FDE:''' It is recommended to use [[Full_Disk_Encryption|Full Disk Encryption (FDE)]]. This will protect all important data on the computer once it has been powered off through encryption and require authentication early during the computer boot process using a disk encryption password. This is a much stronger protection than any user account login password. Note, that FDE requires a very strong password which can resist offline password cracking. See [[Passwords]].
* '''Screen lock:''' See [[Protection_Against_Physical_Attacks#Screen_Lock|Screen Lock]].
* '''BIOS password''': See [[Protection_Against_Physical_Attacks#BIOS_Password|BIOS Password]].
* '''See also: [[Protection_Against_Physical_Attacks|Protection against Physical Attacks]]'''

'''Password strength requirements for user account password:''' If setting a user account password, how strong does it need to be? 22 truly random characters such as for example "<code>zavtf5%/r+B`ZkKQ;g,8}{</code>"? (Obviously, do not use that password because it is publicly known, written on a website.) No, strong passwords for Linux account users are not required. This is because in {{project_name_short}} user accounts are locked after 50 failed login attempts. This is thanks to [[Dev/Strong_Linux_User_Account_Isolation#Online_Password_Cracking_Restrictions|Online Password Cracking Restrictions]].

'''Unlock:''' How to unlock a user account password once the account gets locked? See [[Root#Unlock_User_Account:_Excessive_Wrong_Password_Entry_Attempts|password unlock procedure]].

'''How to safely use sudo/root?''' See the [[root|Safely Use Root Commands]], especially [[Root#Prevent_Malware_from_Sniffing_the_Root_Password|Prevent Malware from Sniffing the Root Password]].

'''Technical rationale:''' See [[Dev/Strong_Linux_User_Account_Isolation|Strong Linux User Account Isolation]].

'''Forum discussion:''' [https://forums.whonix.org/t/whonix-default-password-changeme-impact/13115 default password (changeme) impact]

= Related =
* [[Login]]

= Footnotes =
<references />
{{Footer}}
[[Category:Documentation]]