HOW TO CHANGE KALI LINUX DEFAULT ROOT PASSWORD

By Leonard Cucos •  Updated: 05/28/21 •  4 min read

If you decide to use a Kali Linux live image, the Kali Linux default root password is toor – the word root reversed. Easy to remember, right? This is the default root password on all Kali Linux i386, amd64, VMware, or ARM live images.

Also note that starting with Kali Linux 2020.x, the default password for the kali user is kali.

Here is a table you can screenshot to remember the default Kali Linux password easily next time.

Default Username    Default Password
kali                kali
root                toor
Table 1.1: Kali Linux default root password

It is highly recommended to change the default Kali Linux passwords for your user [kali] and root [toor] for security reasons, especially if you connect Kali Linux to the Internet. 

It literally takes a few seconds for an attacker to find out what operating system you’re using and log in using the default Kali credentials. And with that, your computer, as well as the network behind it, is compromised. 

If you decide to install Kali Linux instead of using a live image, you will be prompted to configure your username and root passwords for your system during the installation. 

NOTE: In case you forgot your Kali Linux root password, use this guide instead: How To Reset A Lost Password For ROOT In Kali Linux 2021

Change Kali Linux Default root password

Changing the default root password in Kali [toor] is as easy as changing the password for any other user on the system. In the terminal, type the following command:

sudo passwd root

When you are prompted, type the password for the kali user. Then type and confirm the new password for the root user. 

Figure 1.2: Change Kali Linux default root password.

Here is a hypothetical example. Use a different password than the one used in this example:

[sudo] password for kali: kali  <or the new password changed in the previous step>

New password: M1R0@tPassw0rd

Retype password: M1R0@tPassw0rd 

That’s it. You just changed your Kali Linux default root password! The change takes place immediately. Now let’s secure the default password for the kali user as well.

How To Change the Password For Kali User

Alright. The default root password on Kali is now secured. But we still have a vulnerability: the kali user. Let’s change the default password for the kali user now.

The process is as simple and straightforward as changing the root password above. Open a terminal and execute the following command:

sudo passwd kali

You will be asked to type the current password [kali] for the kali user. Then type and confirm the new password.

Here is a hypothetical example to illustrate. Use a different password than the one I used below.

[sudo] password for kali: kali

New password: J@hn12#$

Retype password: J@hn12#$

Note that you won’t be able to see your passwords while typing them in the terminal. This is a security measure widely implemented on Linux/UNIX systems.

Figure 1.1: Change Kali Linux default password for kali user.

Make sure you choose a strong password that you can remember.
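To confirm that both changes above were actually recorded, the script below is an added example (not part of the original article) that reads `passwd -S` status lines for root and kali and flags any account whose last password change is older than a cutoff date. The cutoff date, the script name and the verdict words are assumptions made for this example.

```shell
#!/bin/sh
# Added example: confirm from `passwd -S` output that a password was changed.
# Line format: name status last-change min max warn inactive
# Debian status codes: P = usable password, L = locked, NP = no password.

# Convert YYYY-MM-DD or MM/DD/YYYY (varies with the shadow-utils version)
# to the integer YYYYMMDD; anything else becomes 0.
norm_date() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            printf '%s\n' "$1" | awk -F- '{ print $1 $2 $3 }' ;;
        [0-9][0-9]/[0-9][0-9]/[0-9][0-9][0-9][0-9])
            printf '%s\n' "$1" | awk -F/ '{ print $3 $1 $2 }' ;;
        *)  echo 0 ;;
    esac
}

# Print "<user> <verdict>" for one status line. The cutoff is an assumption:
# the day you first booted the image, so an older last-change date means
# the password that shipped with the image is still in place.
classify() {
    cutoff=$(norm_date "$2")
    set -- $1                      # split the status line into fields
    changed=$(norm_date "$3")
    case "$2" in
        L)   echo "$1 locked" ;;
        NP)  echo "$1 no-password" ;;
        P)   if [ "$changed" -ge "$cutoff" ]; then echo "$1 changed"
             else echo "$1 unchanged"; fi ;;
        *)   echo "$1 unknown" ;;
    esac
}

# Read status lines on stdin; return 1 if any account needs attention.
audit() {
    [ "$(norm_date "$1")" -ne 0 ] || { echo "cutoff must be a date" >&2; return 2; }
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        verdict=$(classify "$line" "$1")
        echo "$verdict"
        case "$verdict" in *" locked"|*" changed") ;; *) rc=1 ;; esac
    done
    return "$rc"
}

# Usage: sudo sh check-defaults.sh 2021-05-28   (script name is hypothetical)
if [ "$#" -eq 1 ]; then
    for u in root kali; do passwd -S "$u"; done | audit "$1"
fi
```

A "changed" verdict only means a password change was recorded on or after the cutoff date; it says nothing about how strong the new password is.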

Good Practices To Stay Safe

The weakest link in a system's security is usually the human being. An experienced attacker will look beyond the target machines and do some social engineering to understand the people using the keyboard.

Breaking a password is probably the holy-grail achievement of a hacker. Here are a few tips to make sure that doesn’t happen:

  1. Use a strong password containing capital and small letters, numbers, and special symbols. The longer, the better.
  2. Never share your passwords [especially for root]. If you do so, make sure you immediately change all the passwords on your system [root and users].
  3. Never write down your password. You never know who may see it and use it without your consent.
  4. Don’t disable the login screen. Though convenient, it is the easiest way to forget a password.

Conclusion

You can change the Kali Linux default root password as many times as you want – as long as you can remember it.

This is a simple yet important process often overlooked by beginners. It takes roughly the same amount of time for you to change the default passwords as for an attacker to break into your system. Remember that!

If you found this guide useful, please do me a favor and share it around – it really makes a difference. 

But most importantly: stay safe. 

Leonard Cucos

Leonard Cucos is an engineer with over 20 years of IT/Telco experience managing large UNIX/Linux-based server infrastructures, IP and Optics core networks, Information Security [red/blue], Data Science, and FinTech.
