On Sun, Dec 20, 2015 at 02:28:42PM -0500, Gene Heskett wrote: > Good question Lisi, one I've yet to hear a good explanation for from the > bunto folks, and I did ask a couple times in the past. Should I make the > pw I use just as obtuse & long? That depends on what sort of threats you may face. If you have unrestricted sudo rights, then access to your account is just as good as access to root. Possibly even more so, since your account might have access to resources on other machines that root doesn't. Or an attacker might use an unpatched exploit to steal root access, even without sudo rights. But even without root access, access to your account alone may be valuable to the attacker. If the attacker thinks of you as just another machine on the Internet, then they can still use your machine to (say) store files, launch attacks on others, maliciously delete or encrypt files (ransomware), send spam, go through your address books and emails looking for other accounts to attack, steal unencrypted passwords from your web browser and get access to your on-line banking, social media and "cloud"-based systems. From which they can steal your money, send spam, or launch attacks on others -- emailed malware is *much* more effective when it comes from a person you trust. If they are specifically targetting *you*, or somebody you know, they can invade your privacy, stalk you or your friends/family, perform industrial espionage, or frame you for possession of illegal material such as child pornography or terrorist-related material. Root access not required. Consider that attacks are not necessarily over the internet. Are you living alone, or sharing a flat with four total strangers? Do you take your computer into the shop to get repairs done? How well do you trust them? -- Steve