What are the reasons to have strong password at home?
Not a lot. A threat might be a malicious website that installs software on your system that includes something that probes for your sudo password and sends it out to the world. But modern browser will prompt you if something tries to install software. And the average Linux user tends to be more informed than the average Windows users. Plus there is also the idea that we should know where to go and where not to go. In general Linux users do not download from random websites. We use the repositories and can assume these are safe.
Addition: if you want to convert users to Linux there is one thing you should teach these users. Force them to use the Ubuntu software center and warn them not to search for installation files on the web. The biggest reason for virusses on windows is the fact of visiting nasty websites and downloading malicious installation files. Using Ubuntu software center will reduce that risk a lot.
Just an idea: the one big threat we have is when someone manages to install corrupted software into the Ubuntu repositories. If someone gets something malicous accepted into the repositories like an altered chrome or firefox we are all screwed. Is that likely to happen? Naaa.
Even running local services would not matter. A local webserver with no outside connection enabled (ie. running on localhost) will be safe. Only if you run it not local you will be taking a risk: the scripts created to run your website might be flawed. But I would not call that a home computer anymore.
Your 1st and best safeguard on a home system is your router.
And if you are scared it is always the better option to make regular backups where you detach that harddisk from your system when not making backups.
If an attacker has physical access you are in trouble on a normal system. 1 reboot into a live dvd and your sudo password can be changed. Encrypting the disk would be an option. But that will not prevent a formatting.
Attack vectors:
- Behind a NAT router (most are nowadays) fat chance of anyone getting in. And ufw running as well: even less chance... Without a NAT router: it's just software, not hardware. Software can be hacked especially if automatic updates are off.
- Physical access: Indeed, you're right. the password is the least of your concerns while the attacker is there. However if he steals the computer, it is nice to know that none of your data can be seen by the thief. (encrypted home directory minimum, or better: full truecrypt). These people don't have technical skills and an encrypted computer is worth less on the black market.
- LAN: Well, if you're not going to enter any password on the PC why protect the WiFi then? Open it all up! >:) Put the router in the corridor so people can plug in their LAN cables while you're at it! ;) :D
-
"Easy-to-guess-passwords":
Definitely avoid Your country's top 100 passwords
I told my mother to use the name of the street she lived in as a child (not really but something as easy for her to remember) and then add 4 exclamation marks... She actually likes typing her password. :-)
-
To know how security-conscious people are, ask them the following two questions:
A. Do you close your front door with a key?
B. Do you close your curtains?
If the answer to both questions is "No", then don't give them any password, but if one of the questions is answered by "yes", help them protect themselves by giving them a long password! (Remember: in cracking, length is important, not complexity!)