- Date Created: [[2020-10-03]] - Source: https://searchsecurity.techtarget.com/answer/What-is-password-shadowing#:~:text=Shadow%20password%20files%20are%20a,strongly%20than%20%2Fetc%2Fpasswd. - [[Information Security]] #[[Offline]] [[Wordsmithing]] - Password shadowing is an information security technique where private information is kept in a duplicate or "shadow" file that mirrors the file containing public information, except that it is obscured in some way, such as by restricting access to certain users. - In Unix systems, `/etc/passwd` is a file that traditionally holds both private and public information about a user. Password shadowing adds a second file, `/etc/shadow`, that is, for example, only readable by root. - Password shadowing has the additional advantage of decoupling private information from public information, reducing the risk of exposure through one vector of attack.