How to Create Secure Passwords from the Terminal

Studies on passwords show that people are still using the same passwords even through several years.The worst passwords are the same. This is a danger in our security, sooner or later we could be hacked. Take a look of the summary of the worst passwords from splashdata.com

In general it’s recommended to use a different password for each site or service, avoiding repeated passwords.

  • Combination of capital letters, numbers and special characters.
  • Use short sentences to remember them easily.
  • Avoid using the same password for different sites, services or computers.
Command Line Tools

In Linux we have several tools to create secure passwords , such as APG. APG, Automatic Password Generator, allows to create passwords in a simple way in real time.

To generate a password of 10 characters easily type the following command:

$ apg -a 0 
edquewUns3
hiHeenVot
deucEcCaf
cedAilWio
GlogAsik9
EuvOrEtPo

To generate a password with a length of 8 characters, the instruction would be:

$ apg -a 0 -x 8 
HadIcWie
Kipdacho
LiedAnLu
LinsIpay
Phofitpa
ragMondu

These are the parameters I used in the previous examples:

-a algorithm
use algorithm for password generation.
0 – (default) pronounceable password generation
1 – random character password generation

-x max_pass_len
generate password with maximum length max_pass_len.  Default maximum password length is 10. By default we will get 6 proposals.

There are other tools like pwgen and makepasswd, which unlike apg need to be installed. We need to install that packages

$ sudo apt install pwgen makepasswd

The pwgen program generates passwords which are designed to be easily memorized by humans, while being as secure as possible. Human-memorable passwords are never going to be as secure as completely random passwords. In particular, passwords generated by pwgen without the -s option should not be used in places where the password could be attacked via an off-line brute-force attack. On the other hand, completely randomly generated passwords have a tendency to be written down, and are subject to being compromised in that fashion.

To get one 8 character password type the following command:

$ pwgen -n1
uPheec1

To get strong passwords use the -s parameter

pwgen -n1 -s
uPheec1

To get a long passwords , ie. 10 characters use the following command

pwgen  10 -n1
Hood7iey2u

If you avoid the -n1 command you’ll get a bunch of passwords.

makepasswd generates true random passwords using /dev/urandom, with the emphasis on security over pronounceability. It can also encrypt plaintext passwords given on the command line.

The command will return a 9 characters password by default

$ makepasswd
tNjyyhJwE