[Trisquel-users] Re : Trisquel Noob Here

[lcerf]

If no password is required to do administrative tasks, it means every program  
runs with all privileges. As a consequence, exploiting a vulnerability in any  
running program (the RSS reader, the P2P client, a video game, ... any  
program) is taking control over the system to do anything (install a Troyan  
that starts at init, send the passwords saved in your browser, encrypt your  
disk and ransom you for decrypting it, ... anything). Free software  
developers are not perfect. Our programs have bugs that can be vulnerability.  
With proprietary software, the situation is worse. Proprietary software often  
is malware: https://www.gnu.org/proprietary

And, of course, if servers are installed (e.g., an SSH server), then you  
obviously want to check with a password that the remote connection is  
authorized.