I am not going to discuss why you need strong passwords. It is an open secret that strong passwords keep you relatively safer.
Generating strong passwords is something you can do on your own but putting all the combination of lower and upper cases, numbers, symbols can be a tiresome work.
But you need not worry. Linux has got you covered. You can either use a password manager in Linux for managing your passwords or simply user password generating tools.
Let me share some of the best password generators for Linux that will ease the task for you.
Generate secure password in Linux with these tools
Most of the password generation tool discussed here are command line tools. Don’t worry, I have not forgotten readers who prefer GUI. This list of password generators for Linux covers both kinds of tools.
Now while making truly random passwords is easy if you have the right tools, remembering them is hard. For e.g. my goto tool to generate a random password is pwgen. Let’s first install it –
sudo aptitude install pwgen
generating random passwords with pwgen is easy, just run pwgen and it will generate a list of passwords for you.
ia8Moopu eDohqu0E gis0Kaek Mee1quei daeW6ISh Otai3oQu cee4Sho6 YooSh8ae
oh3ue0Ye shouD4ga eel5Igho ugei2Soh Oophui5W Uas6ooti Ohk2aefu AhwieB9d
eeL3bei5 cai7Chas ieL1iesh bah2saeG Quai2oo5 Ooyei8yu Tai1cheY fiKohbu6
Aht1afit se5ZoiRi iegah7Ou Ing9beim Moh5Ahc9 aiV2echu Niel2the Hu5sie9n
shoo2aeX ni7eiQue beez6uF1 Zagae1Ie xa0Ainah naeg1Aiv xa6eiR3O ia6eeHaj
Naefai4a ee9haeGh Eemiequ4 eeW3uure ooni7OoC Shah2aht Aeth0ofa looMe8ei
aene2Aiz tee9zohR cae8Jahb Eer5chet weohi7Ae ieQu9ieV Eec1mieg Teiri7ie
Kie5aiKo Iepahxo8 mae5Goh3 aip4Oosh lei6Ohpo Aiz9ahqu nex6Fohb KaePah9o
cai3Ahja bae3Iewe cu8Pheid Mahf9sho oof0yuCh aeH3ieku Eem9eigh Eez7aito
moo2jaeF wo4Voo2v Cee5waeh Au0thia6 maaNg6xi ezae5Aew Heije4Ie fai1Niet
Kefeod7d oosh9GoM ashaeKi6 oot3ci9I eikei8Ei oaLa4quo Japheir1 puChai7F
ohgh6ohB ienai8Ep Ooc3Ieno puCh1aem Gaith9ch aec9Hu1c Eigh6kai eiYoxie6
naV0Thua Vaish9th cohHash2 Iath1oob ooliey5J Eifim6ei fim9rohX Io7ia9Ee
xaePu9ei Fed0Ocho aijuB5ot laiY2wie ku2Aewai quu8ueNi Aevi2que Eiz1li3i
Izu4cieH om9eegaM ook7Eide Yoht5ma6 fee1ohQu Xoh3uush Koe9eiM5 you0NeiP
Vae8seiZ gahGhi8y Xaib0ooM ieD1paiw Uthaiph6 Sag3Vei6 iezueT2g ca2Aed4t
Eij6meiF Au2Ahpha ohc3ET2V ooth7aeM ju5EiGhe Fu1eihae aichahC9 Tai4eeYa
uGikaiX5 buo3yeeW thaeXi5f bieRie2O Hoetae6r Cai8uish phai5Ohn ekie3Bei
OHaimie0 ouk6aXoh Yeithah3 toe9Eewu RaSeido5 bieYah6i lahDohJ3 Oongoo0s
ohWie4oo Giphee5u aDesh6ab vait7Ea5 ieDee3ab Faip5oz2 Igaeh5Po Me1ailah
While the above may same excessive, in today’s world, it’s probably a tool which is needed. The default though I find to be too simplistic for my usage and use-cases.
pwgen provides a number of options that you can view in the help menu.
Usage: pwgen [ OPTIONS ] [ pw_length ] [ num_pw ]
But if you want to take my advice, use the command to generate passwords in the following manner.
pwgen -ysBv 15
Just try it and you will see the results. The only way you can learn the tool, any tool for that matter is to play with it.
Related Post: Learn how to change user password in Ubuntu and other Linux distributions.
I am hopeful and sure that most technology users might have heard and used xkcd by now. As it states right on the top it is”A webcomic of romance, sarcasm, math, and language.”- xkcd.com .
Now somewhere in end 2010, early 2011, xkcd.com published a webcomic strip –
That webcomic became an inspiration for the tool called xkcdpass. It entered Debian somewhere in 2015 so anybody running Debian squeeze and later are surely to have it. It tells about itself in its package description only – ” A flexible and scriptable password generator which generates strong passphrases, inspired by XKCD 936:” – giving homage to the webcomic which inspired its creation.
To use it, after installation one has to simply do –
bumper Bakunin untutored groszy mingler stoplight
Now what xkcdpass does is it has 12 dictionaries based on aspell work. You can read about the 12 dictionaries slightly long readme here.
xkcdpass by default uses dict2 and dict6 of the wordlist for their unique characteristics. Now while I’m not in a position to share whether it’s good choice of words or not, it’s an option that could and should be used, it can be combined with output of pwgen to have unique passwords as well. You can also use the first letter of each word of the passphrase to get a password which is easily memorable as well.
Whether it will be successful or not solely relies on the attacker’s skill and determination. For the casual brute-force attacks as shared above, the combination might be somewhat of a better choice.
Another contendor for good memorable password generation is diceware. It also can be installed as –
sudo aptitude install diceware
Now by default Diceware strings two or more words together to produce a string, something like this –
diceware comes with its own worldlist, it has two worldlists, one is plain english words and the other one comes from EFF. Those who don’t know EFF, it is an organization which works for individual privacy rights in digital domain among other things. So you can use it in two ways –
diceware --wordlist en_orig
and the one from eff:
diceware --wordlist en_eff
There is an outstanding bug to have some more eff lists which would make the package even more relevant in this heightened security scenario. Hopefully, it will be fixed soon so we have a better package.
On the GUI side, the first tool I would share is Revelation. First install the package.
sudo aptitude install revelation
Revelation is an oldish tool as it entered Debian since 2004 but has kept up with changes. Revelation describes itself as a GNOME 2 password manager but it is more than that. First either run it from either the command-line interface (CLI) or take the icon from the menu. You would usually find it in Menu > Accessories > Revelation . Just drag the icon from the menu to either the desktop or the top/bottom or side panel whichever is good for you, double-click to see the interface. For terminal users, do it as
Once you do it in either of the above ways, you need to go to View > Password Generator to see the Password Generator in action –
Once you click on that it will give you random passwords depending upon the length of the letters needed in the password and whether you need punctuation or not as can be seen in the picture below.
Now this is good or bad enough depending on what your needs are.
The tool has been in Debian for over a decade as well, was introduced in 2006. You can install it in Debian and other downstream or/and derivative distributions by doing:
sudo aptitude install keepassx
Keepassx describes itself as a Cross Platform Password Manager but its much more than that. It puts your password in a database (like Mozilla Firefox does with sqlite3) and also encrypts it either using AES or Twofish algorithims (similar to Mozilla Firefox as well.)
Now in Keepassx, there is no easy way to get to the password generator. The way is first make a database, then make a group and then make an entry, when making the entry you will see a small button say Gen. If you see the third line Repeat, you see blank space, the button next to the blnak space
Once you click on Gen, another window appears
The Generate button generates passwords for you depending on what options you choose. Just copy the password on your favorite text-editor to know what password was generated.
The biggest difference between the command-line tools (CLI) and the Graphical User Interface (GUI) tools is the CLI tools can be used in scripts. So they can be used for both users and web hosters who might want to offer password generation as a service along with other services.
Best practices and tips for having strong passwords and security
- No one tool or no one strategy is the answer to all kinds of attacks and there are many different types of attacks.
- If possible try to find services which don’t put a cookie or a password. Such services are rare but they are there. A good example would perhaps be duckduckgo.com
- One of the most important rule, don’t use the same password to all the sites. That is like having all locks in real life using the same key. You can very well understand the consequences of that.
- One of the most common ways that an attacker can attack you is by owning your ADSL modem/router. At the very least don’t leave it at ‘admin/admin’ for both user and password. Ideally, you should change both but if you don’t want to change user:admin at least change the password there.
- Lastly, read and research on your own – Being a web user, it is imperative that you read and research on your own. There are all kinds of tools and techniques being born every day, While it is next to impossible to learn and keep watch on all that is being claimed and shared, at least some barest knowledge is needed to survive in this web world.
Hope these password generation Linux tools and the tips helps you to be more secure. Have a safe time on the web.