Problem Description: O/S is asking for Key Ring password (??)
Relevant System Information:
Because my system is basically a simple home desktop I had chosen to bypass the password upon log-in / wakeup (it got annoying). Everything worked fine for a long time.
However, after an auto SW update a window popped up asking for my “Key Ring” password. What is a Key Ring? (I’m a recent Windows convert). Anyways. I assumed my log-in password would work but then realized I hadn’t used it for so long I couldn’t remember what it was. I wrote it down but can’t find that paper either. Is there anyway to locally reset a user password without the password or root PW? And what exactly is a Key Ring?
(a) Boot into Advanced options for Ubuntu
Select recovery mode
(b) Choose root - Drop to root shell prompt
Press Enter for maintenance (to access the root shell prompt)
(c) To enable write access to the root partition, use the following command
mount -rw -o remount /
(d) List users
ls /home
(e) Reset the password, using a username from the previous list
passwd username
Enter a new password and retype the new password to confirm (Note: Ubuntu does not display the password you typed, just type and press Enter)
Thanks so much, that worked to change the user password (which I have written down).
I altered my system so that I now do require a password to login each time (so I don’t forget it again) which is working as expected however I still get a pop up window requiring authorization and states “your login password no longer matches that of your keyring.”
I don’t know what a key ring is nor do I ever remember entering a password for it.
Also, oddly, if I just keep hitting CANCEL on the pop up window after about a dozen times I get the program or file I was after, which seems weird.
Can this be fixed somehow?
EDIT: Never mind. I researched how to change the key ring password and have got this solved now.
Forgive me if I appear dim, but your step by step instructions (excellent for the OP) seem to suggest it is relatively easy for anyone to access my laptop.
Given the opportunity of tampering with an unattended laptop, a nefarious footpad would surely steal it rather than spend time fiddling with the password.
Rest assured @pantazi, if my criminal associates offer me your PC, I promise to return it intact, password unchanged
This is true, although if someone has physical access to your computer, all bets are off — look up “evil maid attack”.
However, if you are wanting to protect your data, which is always a good idea — for example should your computer be stolen — you should encrypt your drive.
Usually, Windows uses Bitlocker; MacOS uses FileVault; iOS, ChromeOS and Android have their own methods. Linux usually uses LUKS, which is a powerful encryption method. (Given that ChromeOS and Android are both Linux distributions, it’s interesting that they don’t use LUKS.)
Unfortunately, by default, Linux distributions generally don’t use encryption. This is something that, in my opinion, should change.
When you install Ubuntu, one of the options is to use full-disk encryption (i.e. LUKS), optionally with LVM (a flexible virtual partitioning system). It’s an excellent idea to choose both.
The downside is that this is available only if you format your entire disk, so it can’t be used with dual-boot nor with customised partitions. This is a serious failing with the present Ubuntu installer, and there have been bug reports raised for this.
It’s possible to encrypt your drive post-installation, but, alas, this isn’t straightforward.
While full disk encryption will protect your disk from being read by anyone who removes it from the device, it will actually become decrypted during boot which will then allow an attacker to start a brute force password attack to try to get in.
If you want to protect your system from people being able to access the emergency/recovery mode you will need to set a password in the bootloader so people can not easily access the menu to select recovery mode…
But only after you’ve entered the LUKS passphrase, so it still protects you if your computer is stolen while powered off. Even if powered on, your password protects your system, so the thief would have to restart the computer, which of course would leave it encrypted and requiring the passphrase again.
This is the most secure of all — by being baked into the hardware itself, even Grub and the EFI system partition are unavailable without the boot password.
It would be great if this were the default standard everywhere! My computer, unfortunately, doesn’t have this, so I have to use LUKS.
Sorry, I was talking about the new default setup that uses TPM for an actual full disk encryption and can be enabled by one click in the installer without additional fiddling (like you do have to do with a manual setup of LUKS which also only encrypts a partition, not the full disk), that one does not need a password since the keys are stored in TPM …
I see. I was rather hoping that the BIOS would demand authorisation before releasing the key, otherwise we’d still have to use LUKS to encrypt the data on an already-encrypted drive!
Is there no way to fix this? I hope so, before the time comes for me to replace the computer that I’m currently using.
Then your install would fail, the TPM based installer option indeed expects a working TPM (even at the correct version since older variants are insecure), it is also not designed for any interaction, you’d have to do the old manual LUKS way of encrypting single partitions if you wanted that (though that won’t protect /boot or the initrd or kernel then)
TPM is a hardware key storage device on your machine.
It is still a LUKS disk encryption but with a key that gets generated during install and stored in the TPM device of your system so that your disk becomes unreadable when you would try to read from it on any other machine
