{{Header}}
{{#seo:
|description=Information about {{project_name_short}} default user and passwords.
|image=Password2781614640.jpg
}}
{{Title|
title={{project_name_short}} Default Passwords
}}
{{passwords_mininav}}
{{intro|
Information about {{project_name_short}} default user and passwords.
}}
= Current Version =
Starting from build version <code>17.2.0.7</code> and above:

{{Default_Passwords}}

Users can [[Post_Install_Advice#Change_Passwords|change or set a password]] for security reasons if this is useful in their case based on this [[Default_Passwords#Information|Information]].

For troubleshooting, refer to [[Post_Install_Advice#Change_Keyboard_Layout|Change Keyboard Layout]] and [[Post_Install_Advice#Test_Keyboard_Layout|Test Keyboard Layout]].

= Old Versions =
Build versions older than <code>17.2.0.7</code>:

{{mbox
| image   = [[File:Ambox_notice.png|40px|alt={{project_name_short}} default admin password is: changeme]]
| text    =
* '''Default username:''' {{CodeSelect|code=user}}
* '''Default password:''' {{CodeSelect|code=changeme}}
}}

This was changed in newer versions. See above.

Default passwords in old build versions remain unchanged.

= Information =

* '''Definitions:'''
** '''Single-user system:''' A single-user system is defined here as a computer that has only one human user.
** '''Multi-user system:''' A multi-user system is defined here as a shared computer that has different multiple human users.
** '''User account password:''' A password for a Linux user account such as user <code>user</code>. This is used for [[Login]] into [[Desktop#Virtual_Consoles|Virtual Consoles]], graphical login manager (such as LightDM) as well as for administrative ("[[root]]") rights authentication.
** '''Disk encryption password:''' A password required early during the boot process ("pre-boot") to decrypt the hard drive.

* '''Importance of setting a user account password:'''
** '''For single-user systems:''' Not important.
** '''For multi-user systems:''' Important.

* '''Advantage of setting a user account password:'''
** [[Protection_Against_Physical_Attacks#Login_Screen|Login Screen]] password protection.
** [[Protection_Against_Physical_Attacks#Screen_Lock|Screen Lock]] password protection.
** Administrative ("[[root]]") rights authentication. (But this is a weak protection. See [[Root#Prevent_Malware_from_Sniffing_the_Root_Password|Prevent Malware from Sniffing the Root Password]] for a safer procedure.)

* '''Protect computer from unauthorized access:'''
** '''FDE:''' It is recommended to use [[Full_Disk_Encryption|Full Disk Encryption (FDE)]]. This will protect all important data on the computer once it has been powered off through encryption and require authentication early during the computer boot process using a disk encryption password. This is a much stronger protection than any user account login password. Note, that FDE requires a very strong password which can resist offline password cracking. See [[Passwords]].
** '''Screen lock:''' See [[Protection_Against_Physical_Attacks#Screen_Lock|Screen Lock]].
** '''BIOS password''': See [[Protection_Against_Physical_Attacks#BIOS_Password|BIOS Password]].
** '''See also: [[Protection_Against_Physical_Attacks|Protection against Physical Attacks]]'''

* '''Password strength requirements for user account password:''' If setting a user account password, how strong does it need to be? 22 truly random characters such as for example "<code>zavtf5%/r+B`ZkKQ;g,8}{</code>"? (Obviously, do not use that password because it is publicly known, written on a website.) No, strong passwords for Linux account users are not required. This is because in {{project_name_short}} user accounts are locked after 50 failed login attempts. This is thanks to [[Dev/Strong_Linux_User_Account_Isolation#Online_Password_Cracking_Restrictions|Online Password Cracking Restrictions]].

* '''Unlock:''' How to unlock a user account password once the account gets locked? See [[Root#Unlock_User_Account:_Excessive_Wrong_Password_Entry_Attempts|password unlock procedure]].

* '''How to safely use sudo/root?''' See the [[root|Safely Use Root Commands]], especially [[Root#Prevent_Malware_from_Sniffing_the_Root_Password|Prevent Malware from Sniffing the Root Password]].

* '''Technical rationale:''' See [[Dev/Strong_Linux_User_Account_Isolation|Strong Linux User Account Isolation]].

* '''Forum discussion:''' [https://forums.whonix.org/t/whonix-default-password-changeme-impact/13115 default password (changeme) impact]

= Related =
* [[Login]]

= Footnotes =
<references />
{{Footer}}
[[Category:Documentation]]