while changing the root password is a good practice in theory, i would guess that fewer that 7% of the user base would change it to a "strong" password, which is nearly as bad as not changing it at all.

anyone with an ssh server that is accessible by way of the internet should look at a few of the logs...

lastb -a |more
lastb -a -f /var/log/wtmp.1 |more
lastb -a -f /var/log/wtmp.2 |more
...


i have scrolled through this and found over 347 consecutive attempts from only one IP address attempting to log in as root or other assorted id's, some well known backdoor accounts, too. this was only one persons bot'ed machine. literally hunderds of machines have tried to do this to me.

i found a project on sourceforge.net that gleaned IPs out of /var/log/secure (and /var/log/messages, i think) for bad auth attempts. when 3 are found from an IP not in the exempt list, it appends a rule to my firewall that drops any further attempts at login. an `iptables -nL` on my machine shows 163 IP addresses banned thus far, and i blew it away and rebuilt it less than 3 months ago. look for daemonshield on sf.net

with bot'ed machines, and a weak password, your n800 is more likely to be comprimised when on an open wifi network. using key-based two factor authentication methods will significantly reduce the exposure to unwanted access.

as a good rule of thumb, you should never use a root password unless you are on console. you should ssh as a user and `sudo` or `su -` into the root account.