![[EdCert previous]](../../../edcert/images/prev.gif)
![[EdCert next]](../../../edcert/images/next.gif)
![[EdCert top]](../../../edcert/images/top.gif)
Although a blank password field in /etc/group is not as much of a security risk as it is in /etc/passwd, it is still not a good idea to leave an empty field. By gaining access to the right group a user could get write privileges for the /etc/passwd file.
The convention on accounts that have no passwords is to place an asterisk in the password field. On most systems the asterisk is considered an invalid or illegal password and will prevent anyone from logging into the account.