Securing Your Raspberry Pi: From Passwords to Firewalls

Christian Cawley 11-06-2014

Home media hub, security cam system or just a straightforward project box – the Raspberry Pi is versatile and popular. But this popularity could lead to your Pi being hacked or even stolen, resulting in you losing time, effort and data. So what can you do about it?


Change Your Default Password

The default password for your Raspberry Pi should be changed. Often, it isn’t, yet doing so is simple.


To change your Pi’s password (assuming you’re using Raspbian – for your favourite Pi-flavoured distro, check appropriate documentation) boot it up, open the Terminal and run sudo raspi-config to display the configuration tool.


Here, select the Change User Password option, and follow the instructions.


This is actually the simplest method of changing your Raspberry Pi password. The quickest is to just type passwd into the terminal, and input a new password when prompted; this method doesn’t require the sudo command, as it is for the pi user that you are already signed in as. Note that when you input the password, no text is displayed on screen, keeping your new secret code safe.


If you were changing the password of a different account, then sudo would be required.

Which brings us to an interesting point: can you change the pi username as well?


Changing The Default Username

If an intruder has your username, they’re half way to accessing your data. As such, you should change the pi username to something else.

As deleting the account could be dangerous without ensuring you have the correct permissions elsewhere, the best option is to create a new superuser account:

sudo useradd -m christian -G sudo

The -m option creates a home directory for the user, while -G sudo adds the user to the sudo group.

Next, enter:

sudo passwd christian

This will allow you to set a password for the new user (in this case, called “christian”).

Your new account should now have the same permissions as pi, as both are in the sudo usergroup.


Before deleting pi, log out of the account, log in again using your new account, and attempt to run sudo visudo. If successful, your account is ready to take command.



In the terminal, enter sudo deluser pi to delete just the user account. You can leave it at that if you like, or remove the /home/pi directory as well with sudo deluser --remove-home pi.

These are far better options than leaving the default pi/raspberry username/password combination intact, wouldn’t you agree?
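The check described above (confirm a second sudo-capable account exists and that pi is logged out before deleting it) can be scripted. This is an added example, not part of the original article; the function names admin_users and safe_to_delete_pi are hypothetical, and it assumes sudo rights come from membership of the sudo group, as in the commands above.

```shell
#!/bin/sh
# Added example: pre-flight check before "sudo deluser pi".
# The group and passwd files are parameters so it can be tried on copies.
# Assumes admin rights come from the "sudo" group, as in the article.

# admin_users GROUP_FILE PASSWD_FILE
# Prints sudo-group members other than pi that have a usable login shell.
admin_users() {
    # Field 4 of the "sudo" line is a comma-separated member list.
    members=$(awk -F: '$1 == "sudo" { print $4 }' "$1" | tr ',' ' ')
    for u in $members; do
        [ "$u" = "pi" ] && continue
        entry=$(awk -F: -v u="$u" '$1 == u' "$2")
        [ -n "$entry" ] || continue          # listed in group, no account
        case "${entry##*:}" in               # last passwd field = shell
            */nologin|*/false) ;;            # cannot log in interactively
            *) echo "$u" ;;                  # empty field means /bin/sh
        esac
    done
}

# safe_to_delete_pi GROUP_FILE PASSWD_FILE [PI_PROCESS_COUNT]
# Returns 0 only if another admin exists and pi owns no running processes.
safe_to_delete_pi() {
    admins=$(admin_users "$1" "$2")
    if [ -z "$admins" ]; then
        echo "no other sudo-capable login account; keep pi for now" >&2
        return 1
    fi
    # Default: count live processes owned by pi (autologin, SSH sessions).
    procs=${3:-$(ps -u pi -o pid= 2>/dev/null | wc -l | tr -d ' ')}
    if [ "$procs" -gt 0 ]; then
        echo "pi still owns $procs process(es); log out of pi first" >&2
        return 1
    fi
    return 0
}

# On the Pi, from the new account:
#   safe_to_delete_pi /etc/group /etc/passwd && sudo deluser pi
```
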

Firewalls And The Raspberry Pi

This ridiculously flexible little computer can be set up to act as a physical firewall, a first point of entry into your home network (or even in reverse, as a secure anonymous gateway to the world at large). However, this isn’t what we’re discussing in this guide.

Instead, we’re looking at methods of securing your Raspberry Pi. Various software firewall apps are available for the Pi, but perhaps the most impressive is the powerful Firewall Builder, an easy-to-use GUI that will configure various firewalls including iptables, which is pretty tricky to set up correctly.

Install using

sudo apt-get update
sudo apt-get install fwbuilder

In the Raspberry Pi GUI (type startx in the command line to launch), you’ll find Firewall Builder listed in the Other submenu. Follow the instructions to create your firewall, and save the script. For the best results you’ll need to make sure that the script is loaded before your Pi connects to the network. To do this, open the /etc/network/interfaces file in a text editor and add:

pre-up /home/pi/fwbuilder/firewall.fw

Finally, add this to the section of the script marked Epilog:

route add default gw [YOUR.ROUTER.IP.HERE] eth0

This will ensure you can still reach the Internet. You’re now done, and your Pi is secure from online intrusion!
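The pre-up line above makes ifup run the firewall script as root, and ifup does not bring the interface up if that command fails, so the script's location and permissions matter. In particular, a script kept under /home/pi disappears if that home directory is removed as described earlier. The following audit is an added example, not part of the original article; the function name check_preup and its optional owner argument are hypothetical.

```shell
#!/bin/sh
# Added example: audit the pre-up hooks in an ifupdown interfaces file.
# ifup runs these hooks as root before the interface comes up.

# check_preup INTERFACES_FILE [EXPECTED_OWNER]
# Prints one finding per line; returns 1 if any hook is unusable or unsafe.
check_preup() {
    owner=${2:-root}   # who should own a root-run hook (name or numeric uid)
    bad=0
    # Second word of each "pre-up" line is the script path
    # (paths containing spaces are not handled here).
    for script in $(awk '$1 == "pre-up" { print $2 }' "$1"); do
        if [ ! -f "$script" ]; then
            echo "missing: $script"; bad=1
            continue
        fi
        if [ ! -x "$script" ]; then
            echo "not executable: $script"; bad=1
        fi
        # Whoever can edit the hook gets their edits run as root at next ifup.
        if [ -n "$(find "$script" -prune ! -user "$owner")" ]; then
            echo "not owned by $owner: $script"; bad=1
        fi
        if [ -n "$(find "$script" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "group/world writable: $script"; bad=1
        fi
    done
    return "$bad"
}

# On the Pi:
#   check_preup /etc/network/interfaces
```
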

A Raspberry Pi Under Lock & Key

That Raspberry Pi of yours is certainly an impressive box of tricks. A less trustworthy person might even be tempted to unplug it and squirrel it away in his pocket… if he didn’t already own one!


Small dimensions do make this little computer extremely easy to pocket, so it is a good idea to keep it and your data under lock and key. When your Pi isn’t in use, place it in a locked drawer; if it is switched on at all times you should similarly consider placing it in a locked container, albeit one with plenty of airflow.

Also, remember to make backups of your SD cards and any other connected data regularly, lest they be stolen or subverted.

Security: Raspberry Pi Style

Everyone with an Internet connection can use Google to find the default username and password of your Raspberry Pi. Don’t give intruders that opening – change your default credentials, and while you’re at it, set up a firewall and make sure you have a safe place to store your Raspberry Pi!

Do you have any security tips to add for your Pi?


  1. Jonathan
    November 17, 2016 at 7:36 pm


    I'm looking at using Jasper and was concerned about password security for my Google account. First project is a magic mirror with calendar function so it needs the password.

    Will this work toward keeping my account passwords safer?

    BTW I'm a complete noob to this so any Tech answers can you include links to give me further education... Thanks in advance.

  2. Roland
    December 28, 2015 at 11:46 pm

    Thanks for the help/tips.

    I found an error in the deluser picture. I get the same error, when I try to delete the pi user. I think the pi user is auto log in when booting up the device (on tty1). I am seeing this with the who command. I tried reboot. Should I force deluser?

    • RedMickey
      May 29, 2016 at 3:51 pm

      If you're connected through SSH, it might be the SSH session running on pi.
      That was my case.
      You just need to kill the process ("sudo kill {process number}"). If you can't find the process number (in the error log), look for it with "ps aux | less".
      Then, just reconnect with newUsername@raspberrypi (don't reconnect through "pi" user).
      Damn ! It works ! :o

  3. John
    January 26, 2015 at 9:37 pm

    What about adding a password to the root account? And also disabling the root user from logging in via the ssh port? I would think these two basic things should also be done.

    • Christian Cawley
      February 2, 2015 at 8:32 am

      Superb suggestion, John, although the root password is disabled by default in Raspbian.


  4. Jesper
    January 11, 2015 at 11:29 am

    You should also consider when using SSH on the raspi to create a key based authorization instead of password based, it is a lot more secure and makes you a lot less vulnerable to brute force attacks. Also changing the SSH port from 22 to a different one helps a lot...

    If you do want a password based authorization on your raspi instead of using keys you should consider two factor authentication.

  5. barendtz
    January 9, 2015 at 11:50 pm

    Thanks for the tips, it's helpful. You may want to check your umask, install fail2ban and/or even set up tripwire, if you're really nervous about security. Also, a crontab entry for apt-get update && upgrade may be wise if this thing is just active in your home network.
    For a firewall, I prefer ufw, but that's really up to you. A graphic interface has its advantage as well.

    • Christian Cawley
      January 11, 2015 at 9:45 am

      Excellent tips, barendtz, thanks for sharing.