Your Internet Consultant - The FAQs of Life Online

12.3. Is it possible for my system administrator to see my password?

On most large-scale computer systems, system administrators cannot find out your password. However, this should be of little comfort to you because if administrators want to snoop in your files, they don't even need your password. System administrators, or anyone with superuser power, can nonchalantly check your files, make copies of them, delete them, whatever. That's the number one reason that you need to use a service provider you can trust.

Note: Some systems on the Internet--especially certain types of bulletin board systems--do not shield your password from the system administrator's eyes. For that reason, you should never use the same password on more than one system. If you have multiple accounts, you need multiple passwords. It's a drag, I know, but it protects you.

UNIX systems (among others) use a tricky feature called one-way password encryption. When you first choose a new password (for instance, with the UNIX passwd command), the computer encrypts your password so thoroughly that it can never be decrypted, and it stores only the encrypted version. Later, when you type your password while logging in, the computer encrypts your guess using the same method and compares the encrypted version of your guess to the encrypted version of your actual password. If they match, you're allowed in.

Following are a few lines from the UNIX file /etc/passwd, where users' passwords are stored. Notice that the second field, right after the username, is gibberish. That's the user's encrypted password. Don't bother trying to decode them; you can't.

waffle:VHqgnuFKk.BC2:579:20:Kevin Savetz:/files/home/waffle:/local/bin/tcsh
rayfox:eF/gtVIB9JhOY:1122:20:Raymond D. Fox:/i/home/rayfox:/local/bin/tcsh
mramesh:qupwsgBxxneqs:1123:20:Ramesh Meyyappan:/i/home/mramesh:/local/bin/tcsh
onethumb:ohki3YdLQFQLg:1124:20:Don MacAskill:/i/home/onethumb:/local/bin/tcsh
lorna:mx8YsCiZmYzuQ:1125:20:Lorna Overby:/i/home/lorna:/local/bin/tcsh
tersa:kD83hHLlIv59Y:1126:20:Tersa Lewandowski:/i/home/tersa:/local/bin/tcsh
mmaniar:lUQ.4QyZXBb9k:1127:20:Mihir Maniar:/i/home/mmaniar:/local/bin/tcsh
usha:z4SJ0J1F89/rQ:1128:20:Usha Ramaswamy:/i/home/usha:/local/bin/tcsh
bgregory:6Avv92pPO5rHs:1129:20:Brian Gregory:/i/home/bgregory:/bin/csh
forte:gqvOnATmb8jWs:1130:20:Forte Systems:/i/home/forte:/local/bin/tcsh
shannah:md9JGo3Do5V3c:1131:20:Teri Miller:/i/home/shannah:/local/bin/tcsh
robot:s4AsiqzcZmPk6:1132:20:Robert Kennedy:/i/home/robot:/local/bin/tcsh
gwenaver:pbHienGd4bWAs:1133:20:Gwenaver:/i/home/gwenaver:/local/bin/tcsh
shatter:mEpqGznkx7EAM:1134:20:Jay Srinivasan:/i/home/shatter:/local/bin/tcsh
eliu:dn63y4ScGA2z6:1135:20:Elaine Liu:/i/home/eliu:/local/bin/tcsh

Note: Although your password can't be decrypted, you're never perfectly safe. Unscrupulous crackers can use the same encryption routine to take stabs at guessing your password. Several computer programs are available that can quickly and silently encrypt every word in the dictionary and compare the results to the list of encrypted passwords on your system. Therefore, if your password is in the dictionary, is a common name, and so on, you can get zapped.
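
The store-and-compare scheme described above, together with a check that refuses dictionary passwords at the moment they are chosen, as an added example (not from the original text). It uses PBKDF2 from Python's standard library as a stand-in for the UNIX crypt routine; the function names, the storage format, and the tiny word list are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample word list; a real system would load a full dictionary
# plus common names.
COMMON_WORDS = {"password", "dragon", "letmein", "kevin", "lorna"}


def hash_password(password, salt=None):
    """One-way transform. Returns 'salt$digest' in hex; only this is stored."""
    if salt is None:
        salt = os.urandom(16)  # random salt: equal passwords get different entries
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def verify_password(guess, stored):
    """Login check: transform the guess with the stored salt, then compare."""
    salt_hex, _digest = stored.split("$")
    candidate = hash_password(guess, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)  # constant-time comparison


def is_guessable(password, username):
    """True if the password is a dictionary word or contains the username."""
    lowered = password.lower()
    return lowered in COMMON_WORDS or username.lower() in lowered


def set_password(db, username, password):
    """Refuse guessable passwords; otherwise store only the one-way result."""
    if is_guessable(password, username):
        return False
    db[username] = hash_password(password)
    return True


if __name__ == "__main__":
    accounts = {}  # stands in for the password file
    print(set_password(accounts, "waffle", "dragon"))                  # refused
    print(set_password(accounts, "waffle", "violet-Tractor-91-reef"))  # stored
    print(verify_password("violet-Tractor-91-reef", accounts["waffle"]))
```

Because the stored entry never contains the password itself, an administrator reading the file learns only the salt and the digest; the word-list check at password-change time is what keeps the dictionary-comparison programs mentioned in the note from finding a match.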
