Why does my droplet's password change for no reason after a while?

May 23, 2016 189 views
DigitalOcean Security Ubuntu

So after resetting the password, which was received by email, I log into the droplet and it asks me to make my own password, which I do. Now after a while, when I try to log in again, the password is 'changed' as my existing one no longer works. I am 99% sure I haven't tried changing it, so I have no idea why it does this. Afterwards, when this happens, I have to reset my password again by email to log into my droplet.

1 Answer

Unfortunately, if your password is truly changing like that, your server may have been compromised. By default, Ubuntu does not expire or change passwords automatically. It is possible to set them to expire after a certain time period, but the flow for that is the same as when you first log in. You'll be asked for the old one and then to set a new one.

Review /var/log/auth.log and see if there have been successful login attempts from unknown IP addresses. You can also use the lastlog command to see if there have been logins from unknown user accounts.

This tutorial is a good starting point for taking steps to secure your server:

When setting up infrastructure, getting your applications up and running will often be your primary concern. However, making your applications to function correctly without addressing the security needs of your infrastructure could have devastating consequences down the...
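
The auth.log review suggested in the answer can be scripted. The following is an added example, not part of the original answer: it lists accepted SSH logins from addresses outside a set you recognise, with the number of failed attempts that preceded each, and any recorded password changes. The log lines are constructed samples in Ubuntu's auth.log format, and `known_ips` is an assumed set of the addresses you normally log in from.

```python
import re
from collections import Counter

# Constructed sample lines in Ubuntu's /var/log/auth.log format (not real data).
SAMPLE_LOG = """\
May 22 09:14:02 droplet sshd[1023]: Failed password for root from 203.0.113.45 port 51122 ssh2
May 22 09:14:09 droplet sshd[1023]: Accepted password for root from 203.0.113.45 port 51122 ssh2
May 22 09:15:40 droplet passwd[1101]: pam_unix(passwd:chauthtok): password changed for root
May 23 18:02:11 droplet sshd[2210]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
May 23 18:05:00 droplet sshd[2250]: Invalid user admin from 203.0.113.45
"""

# Syslog prefix: "Mon DD HH:MM:SS hostname "
TS = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ "
ACCEPTED = re.compile(
    TS + r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port")
FAILED = re.compile(
    TS + r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port")
PW_CHANGED = re.compile(
    TS + r"passwd\[\d+\]: .*password changed for (?P<user>\S+)")


def review_auth_log(text, known_ips):
    """Return (unknown_logins, password_changes) found in auth.log text.

    unknown_logins: (timestamp, user, ip, method, failed attempts seen earlier from ip)
    password_changes: (timestamp, user)
    """
    failures = Counter()
    unknown, changes = [], []
    for line in text.splitlines():
        if (m := FAILED.match(line)):
            failures[m["ip"]] += 1
        elif (m := ACCEPTED.match(line)):
            if m["ip"] not in known_ips:
                unknown.append((m["ts"], m["user"], m["ip"], m["method"], failures[m["ip"]]))
        elif (m := PW_CHANGED.match(line)):
            changes.append((m["ts"], m["user"]))
    return unknown, changes


if __name__ == "__main__":
    # known_ips is an assumption: replace with the addresses you log in from.
    logins, changes = review_auth_log(SAMPLE_LOG, known_ips={"198.51.100.7"})
    for ts, user, ip, method, fails in logins:
        print(f"{ts}  {user} logged in from unfamiliar {ip} via {method} after {fails} failure(s)")
    for ts, user in changes:
        print(f"{ts}  password changed for {user}")
```

On a real server, pass the contents of /var/log/auth.log (read as root) instead of `SAMPLE_LOG`.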