When you hear headlines like “16 billion passwords leaked in a single breach,” or “Millions of Gmail accounts compromised in October 2025,” it’s clear just how vulnerable digital accounts have become.
Even Apple and Facebook recently fell victim to massive credential dumps, causing panic for everyday users and IT professionals alike. These events aren’t distant news—they’re reminders that anyone.
For Linux users, especially newcomers, this makes secure account management more urgent than ever. Strong passwords and smart management aren’t just recommendations—they’re your frontline defense in a landscape where hackers automate attacks and new breaches happen almost daily.
In this guide, we’ll walk you through the different ways to set passwords on Linux. We’ll start simple, move to automated scripts, and even cover the pro-level method used in enterprise environments. By the end, you’ll feel confident managing passwords safely and efficiently.
Table of Contents
Create the User Account Safely
The first step is to create the account with a home directory and a default shell:
sudo useradd -m -s /bin/bash newuser
Explanation:
m→ Creates a home directory for the users /bin/bash→ Sets the default shell
You can check the account:
id newuser
Strong Passwords Are a Must
A strong password isn’t just about complexity — it’s about unpredictability and length. Attackers today use password lists and brute-force tools that can test billions of guesses per second.
Something like BlueSky$2025! may look strong, but it follows a human pattern — word + year + symbol — which makes it predictable.
A better password looks random, like:
See also: Mastering the Linux Command Line — Your Complete Free Training Guide
R7@hDpXv9Q!2
For modern systems, 12–16 characters is now the new baseline for secure passwords.
You can check your system’s password policy on RHEL 9 with:
cat /etc/security/pwquality.conf
This file defines values like:
minlen→ Minimum password lengthminclass→ Required character diversity
You can generate one right in your terminal:
tr -dc 'A-Za-z0-9!@#$%^&*' < /dev/urandom | head -c12
Let’s quickly break that down:
- tr -dc ‘A-Za-z0-9!@#$%^&*’: This filters the random data to only include letters, numbers, and some common symbols.
- < /dev/urandom: It gets its input from a stream of random data.
- | head -c12: This takes just the first 12 characters.
The result is a random 12-character string. Feel free to change 12 to any length you need!
Meet passwd: The Classic Command
When it comes to Linux passwords, passwd is your go-to tool. It’s interactive and perfect for handling one user at a time.
Changing Your Own Password
Updating your credentials regularly is a smart habit. Here’s how simple it is:
- Open your terminal.
- Type
passwdand press Enter. - Enter your current password when prompted.
- Enter your new password, then confirm it.
That’s it! passwd makes sure your new password is typed correctly, without typos.
Setting a Password for Another User
If you have sudo or root privileges, you can set or reset passwords for other users. This is handy if someone forgets their password or you’re setting up a new account.
Just add sudo to the command:
sudo passwd <username>
For example, to change the password for a user named Alex:
sudo passwd alex
Because you’re using sudo, you don’t need Alex’s old password. The system will simply prompt you to enter and confirm a new one.
Ready for Automation? Meet chpasswd
passwd works great for one-off changes, but it’s interactive. What if you need to set passwords for multiple users at once or in a script? That’s where chpasswd shines.
It reads input in a simple username:password format. For example:
echo 'bella:ThisIsAStrongPassword123!' | sudo chpasswd
No prompts, no fuss. Bella’s password is set instantly.
chpasswd is a game-changer for automation and bulk user management.
Using chpasswd -e: Pre-Hashed Passwords
For maximum security, you might never want to handle plain-text passwords in your scripts. Instead, you can use pre-hashed passwords and tell chpasswd that the input is already encrypted with the -e flag.
Here’s what that looks like:
echo 'test:$6$rounds=100000$lEsRRO/bBCaL.Xnl$sOZ018XCqYjHp4ANWCUjKMLF1W/1PQ.0JmiaBwpHvmm71yvmg0Jr0zHlBd1' | sudo chpasswd -e
Let’s break it down:
test:→ The username$6$→ Tells Linux this is a SHA-512 hashrounds=100000$→ The hashing algorithm was run 100,000 timeslEsRRO/bBCaL.Xnl$→ The “salt,” which makes each hash unique even if the password is the samesOZ018XCq...→ The final hashed password
The -e flag instructs chpasswd that the password is already encrypted.
Unlike passwd -e (which expires a password), chpasswd -e simply skips hashing and sets the stored hash directly.
This is perfect for automated deployments or configuration management tools like Ansible, Puppet, or Chef, where you want passwords to be secure without ever writing them in plain text.
Forcing a Password Change on First Login
Even if you set a temporary password, the best practice is to force the user to change it on their first login.
You can do this with either:
passwd -e– expires a password immediatelychage -d 0– sets the last password change date to 0, forcing an update
Example with chage:
# Step 1: Set the temporary password (plain text or pre-hashed)
echo 'bella:ThisIsAStrongPassword123!' | sudo chpasswd
# Step 2: Force a change on next login
sudo chage -d 0 bella
Using chage in scripts is explicit and works regardless of whether the password was set as plain text or pre-hashed.
Secure the Account Beyond Passwords
Strong passwords are just one layer. Linux gives you several ways to tighten account security even further.
Lock inactive accounts:
sudo usermod -L username
Prevents login without deleting the account.
Set account expiration dates (useful for temporary users or contractors):
sudo chage -E 2025-12-31 username
Limit shell access for service accounts:
sudo useradd -s /sbin/nologin serviceuser
This prevents direct logins while still allowing the account for background services.
Combining these settings with strong password policies gives you layered protection — exactly what good security is about.
Double-Check Your Setup
After creating users, always verify that everything’s configured as expected.
sudo passwd -S username # Check password status
sudo chage -l username # View password aging info
sudo id username # Confirm UID, GID, and groups
If the account is for limited use, consider disabling password logins entirely and switching to SSH key authentication for stronger, easier management.
Putting It All Together: A Secure Script
Here’s a complete Bash script combining everything:
#!/bin/bash
# 1. Ask for the username
read -p "Enter the new username: " NEW_USER
# 2. Generate a random password
NEW_PASS=$(tr -dc 'A-Za-z0-9!@#$%^&*' < /dev/urandom | head -c16)
# 3. Create the user
sudo useradd -m -s /bin/bash $NEW_USER
# 4. Set the password (plain text)
echo "$NEW_USER:$NEW_PASS" | sudo chpasswd
# OR use a pre-hashed password:
# echo "$NEW_USER:<hashed_password>" | sudo chpasswd -e
# 5. Expire the password to force a change
sudo chage -d 0 $NEW_USER
# 6. Display credentials
echo "---------------------------------------"
echo "User '$NEW_USER' has been created."
echo "Temporary Password: $NEW_PASS"
echo "The user will be required to change this password on their first login."
echo "---------------------------------------"
You’ve Got This
From interactive passwd to automated chpasswd and pre-hashed passwords with -e, you now have the full toolkit for secure Linux user management. Combine it with forced first-login changes, and your users—and systems—are much safer.
