Studies on passwords show that people keep using the same passwords year after year. The worst passwords are the same. This is a danger to our security: sooner or later we could be hacked. Take a look at the summary of the worst passwords from splashdata.com.
In general it’s recommended to use a different password for each site or service, avoiding repeated passwords.
- Combination of capital letters, numbers and special characters.
- Use short sentences to remember them easily.
- Avoid using the same password for different sites, services or computers.
Command Line Tools
In Linux we have several tools to create secure passwords, such as APG. APG (Automatic Password Generator) lets us create passwords in a simple way in real time.
To generate a password of 10 characters easily type the following command:
$ apg -a 0
edquewUns3
hiHeenVot
deucEcCaf
cedAilWio
GlogAsik9
EuvOrEtPo
To generate a password with a length of 8 characters, the instruction would be:
$ apg -a 0 -x 8
HadIcWie
Kipdacho
LiedAnLu
LinsIpay
Phofitpa
ragMondu
These are the parameters I used in the previous examples:
-a algorithm
use algorithm for password generation.
0 – (default) pronounceable password generation
1 – random character password generation
-x max_pass_len
generate password with maximum length max_pass_len. Default maximum password length is 10.
By default we will get 6 proposals.
There are other tools like pwgen and makepasswd, which unlike apg need to be installed. We need to install these packages:
$ sudo apt install pwgen makepasswd
The pwgen program generates passwords which are designed to be easily memorized by humans, while being as secure as possible. Human-memorable passwords are never going to be as secure as completely random passwords. In particular, passwords generated by pwgen without the -s option should not be used in places where the password could be attacked via an off-line brute-force attack. On the other hand, completely randomly generated passwords have a tendency to be written down, and are subject to being compromised in that fashion.
To get one 8-character password, type the following command:
$ pwgen -n1
uPheec1
To get strong passwords, use the -s parameter:
$ pwgen -n1 -s
uPheec1
To get a longer password, e.g. 10 characters, use the following command:
$ pwgen 10 -n1
Hood7iey2u
If you omit the -n1 option, you'll get a bunch of passwords.
makepasswd generates true random passwords using /dev/urandom, with the emphasis on security over pronounceability. It can also encrypt plaintext passwords given on the command line.
By default the command returns a 9-character password:
$ makepasswd
tNjyyhJwE
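When neither pwgen nor makepasswd is installed, the same /dev/urandom approach works with standard tools. The script below is an added example, not part of the original article or of the tools above; the function names gen_password and has_all_classes and the set of special characters are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the article): a random password read from
# /dev/urandom that also meets the character-class advice given above.
# Function names and the set of special characters are assumptions.

# has_all_classes STRING
# Succeeds only if STRING has an upper-case letter, a lower-case letter,
# a digit and at least one non-alphanumeric character.
has_all_classes() {
    case $1 in *[[:upper:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:lower:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:digit:]]*) ;; *) return 1 ;; esac
    case $1 in *[![:alnum:]]*) ;; *) return 1 ;; esac
    return 0
}

# gen_password [LENGTH]
# Prints one password of LENGTH characters (default 16, minimum 4).
gen_password() {
    len=${1:-16}
    case $len in
        ''|*[!0-9]*) echo "length must be a number" >&2; return 2 ;;
    esac
    if [ "$len" -lt 4 ]; then
        echo "length must be at least 4" >&2
        return 2
    fi
    while :; do
        # tr -dc drops every byte that is not in the set, so each kept
        # character is equally likely (no modulo bias); head -c stops the
        # stream after LENGTH characters. LC_ALL=C makes tr work on bytes.
        pw=$(LC_ALL=C tr -dc 'A-Za-z0-9!#%+:=?@_-' < /dev/urandom |
             head -c "$len")
        # Retry until all four character classes are present.
        if has_all_classes "$pw"; then
            printf '%s\n' "$pw"
            return 0
        fi
    done
}

# Print one password; an optional first argument sets the length.
gen_password "${1:-16}"
```

Save it as a script and pass the desired length as the first argument; with no argument it prints one 16-character password.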