I recently saw this article on how to reset Ubuntu passwords:


While I can see how useful it would be to be able to reset a lost password, isn't this a bit of a major security hole? I mean, if someone were to steal my computer, even though I have my /home encrypted, wouldn't they just be able to boot into recovery mode and reset my password to gain access to all my files? Surely I'm misunderstanding something, because so far, Ubuntu and Linux/GNU systems in general seem so secure, and it seems rather odd for something like this to be possible...

That being said, if I did read that right, and this is possible, would it be advisable to just disable recovery mode? My /home is on a separate partition from my system, so worst case scenario, if I managed to blow up my system, I could just do a fresh install rather than try to fix it via recovery mode.

This article mentioned just a few pros and cons about recovery mode, but does anyone else have any thoughts? (Also, for anyone interested, it also says how to disable it.)