For whatever reason, the Debian-Live-User account password in a LIVE install is not persistent, regardless of whether or not you have set up either a Persistence or Encrypted-Persistence partition. These Persistence and Encrypted-Persistence installations are a bit quirky until you get to know them. Even so, with a tweak here and a work-around there, ParrotSec is overall a very satisfying user experience, and a powerful, feature-loaded OS.
CAVEAT: Be certain that you selected “Persistence” and not “Live Mode” in the GRUB menu. After booting up into the Debian-Live-User account, update your package list and upgrade your virgin (.iso image) system:

    sudo apt update
    sudo apt full-upgrade

A full upgrade should clear out any bugs or quirks that interfere with changing passwords. If upgrading doesn’t help:
- Download the latest version of ParrotSec, which is now 4.2.2.
- BACK UP ALL YOUR PERSONAL FILES that are stored on your Persistence USB stick.
- Reflash your OS USB stick using Etcher + (available from the ParrotSec downloads page).
Regardless of your boot option selection, the LIVE OS should boot from the opening (GRUB) menu into the log-on screen, where you always input the default password, “toor” (which, in any form of a Persistence use where personal files and custom settings are stored, from a security standpoint, is ridiculous (see below)). The password for the Debian-Live-User account will always be the default password “toor” until you change it either through System, Preferences, Personal, About Me, or through System, Administration, Users and Groups. For obvious reasons, change this password and start the anonymizing Tor daemon before you go on-line:

    sudo service tor start
    sudo service tor reload

Starting the Tor daemon with these terminal commands will not force all your communications through Tor unless you start up Anon Surf. It merely cloaks your MAC and underlying IP addresses (so I’m told).
The passwords for the root account, and for any other user accounts you created in your last LIVE, Persistence or Encrypted-Persistence session, should persist.
I personally believe that the persistence of the default password for the Debian-Live-User account is ridiculous if you’ve selected either the Persistence or the Encrypted-Persistence boot options from the GRUB menu. Unless you have a partition passphrase (see below),+ anyone who finds your USB stick can access your entire system. That’s why you need the initial partition passphrase to lock up access to your partitions.
For more details on Live, Encrypted-Persistence installations see my past posts: VM software on Parrot OS, and Running Tails in a VM inside Parrot 3.11.
+ Did you not set a Persistence partition passphrase that must be entered during boot up after you’ve selected the Persistence boot option from the GRUB menu? If not, and if you want to secure your personal files and customized system settings, you want to start all over and configure your Live USB system as an Encrypted Persistence system (see below about the non-persistence of your custom Debian Live User account password). That way, you are forced to set a passphrase for each Encrypted Persistence partition during partition setup. From then on, in order to unlock access to your Encrypted Persistence partitions, you’ll be required to enter whatever passphrase you set for that particular partition after selecting Encrypted Persistence from the GRUB menu (you can have a different passphrase for every encrypted partition if you set them up to be independent of each other). Persistence partition passphrases can be changed, but it’s a big pain in the ass. See the documentation in the old community forum.
The “dd” set up option never worked well for me. I have always used Etcher (available from ParrotSec’s download screen) to install the downloaded .iso image onto the USB stick. (Be sure to verify the SHA hash checksums of the .iso image first.) Then I set up two separate encrypted partitions on a separate USB stick; one (very generous) partition for the system settings and updates, and one partition for my personal files. That way I could reflash the OS stick with Etcher every time a new OS version was available from ParrotSec’s download page. If the new OS version would not work with my Encrypted-Persistence settings, I simply deleted the settings partition, rebuilt it, re-upgraded the newly-reflashed, virgin (.iso image) system, and reset all my customized packages and settings. As long as your personal files are stored in a separate encrypted partition, they are always safe.
So why go through all this 2 USB drive, multi-partition rigmarole? Because if you care about the security of your user experience, web-based transactions, and your personal files (again, see above), by routinely reflashing your OS USB stick with a freshly downloaded (and SHA-checksum-verified) new OS version, and, in addition, by rebuilding your encrypted settings partition, you douche out any file/data corruption, and any cleverly embedded malware/spyware (presuming that your system has somehow been penetrated or otherwise corrupted or compromised in the past). For additional security, do your web-based transactions inside of virtual machines via VPN if not via Tor, and use two-factor authentication with those web sites. If you want to retain records of your transaction confirmations, have your web-based accounts send confirmations of those transactions to a two-factor-secured email address.
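
The SHA checksum verification mentioned above, written out as an added example that is not part of the original post. The function name `verify_iso` and the file names passed to it are assumptions; the hash list is assumed to be in `sha256sum` format, possibly mixed with entries for other hash types, and to have been obtained over a channel you trust.

```shell
#!/bin/sh
# verify_iso ISO HASHFILE   (added example; names are hypothetical)
# Finds the ISO's own file name in a sha256sum-style list ("<hex>  <name>")
# and compares the published digest with one computed locally.
# Returns 0 on match, 1 on mismatch, 2 if an input or the entry is missing.
verify_iso() {
    iso="$1"
    hashfile="$2"
    if [ ! -r "$iso" ] || [ ! -r "$hashfile" ]; then
        echo "missing input file" >&2
        return 2
    fi
    name=$(basename -- "$iso")
    # Only 64-hex-digit fields are SHA-256, so MD5/SHA-1/SHA-512 lines in a
    # mixed list are skipped. The name must match exactly, so "x.iso" does
    # not pick up the entry for "x.iso.torrent". A leading "*" (binary-mode
    # marker) is stripped. File names containing spaces are not handled.
    expected=$(awk -v n="$name" '
        length($1) == 64 {
            f = $2; sub(/^\*/, "", f)
            if (f == n) { print tolower($1); exit }
        }' "$hashfile")
    if [ -z "$expected" ]; then
        echo "no SHA-256 entry for $name in $hashfile" >&2
        return 2
    fi
    actual=$(sha256sum -- "$iso" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name matches the published SHA-256"
        return 0
    fi
    echo "MISMATCH for $name: do not flash this image" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Stand-alone use: sh verify_iso.sh <image.iso> <hash-list.txt>
if [ "$#" -eq 2 ]; then
    verify_iso "$1" "$2"
fi
```

A matching digest only proves the image agrees with the hash list, so the list itself has to be authentic; where the distributor publishes a GPG signature for it, check that signature before relying on the result.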