How to Generate a Strong Password in Linux?

Linux operating system is famous for its security key feature because it requires the root user/system administrator authentication to perform any task in the system. Unless the normal user does not provide the root user password, no operation can be performed in the system.

If the root user password is not strong, then the other users may easily figure it out and gain access to the whole system. So it is recommended to generate a strong password for all system accounts and services. It acts as a main barrier and prevents unauthorized access to sensitive and valuable system information.

This guide lists all possible aspects of generating a new password in Linux.

Method 1: Using the “urandom” Command

The “urandom” command is used to generate a user-choice password, i.e., random password by using the “/dev/urandom” device. It uses the random-number entropy pool for generating random numbers, long-term keys, and one-time passwords.

Execute the “urandom” command to generate a strong password of length “10”:

$ head -c 10 /dev/urandom | base64

The above command contains the following parameters:

  • head: Generates a string of “10” characters defined as “-c 10”
  • /dev/urandom: Represents the special “/dev/urandom” file
  • base64: Converts binary encode into the printable text format.

The newly strong password has been generated.

Method 2: Using the “makepasswd” Command

The “makepasswd” command also assist Linux users in generating and encrypting password in a Linux shell. It also uses the “/dev/urandom” special device discussed in “method 1”.

Install the “makepasswd” tool

The “makepasswd” is generally not installed in many Linux distributions, so first install it using the default package managers as per Linux distro:

$ sudo yum install makepasswd                   #For Fedora
$ sudo apt install makepasswd                   #For Debian based

The “makepasswd” tool has been installed successfully.

Example 1: Generate a Single Password

By default, the “makepasswd” without any argument simply generates a password of “8” characters like this:

$ makepasswd

Example 2: Generate Multiple Passwords of Particular Length

The “makepasswd” command can also generate more than one password of the specified length at a time using its “chars” and “count” flag:

$ makepasswd --chars=6 --count=9

The “–chars” flag represents the length of the characters i.e “6”, and the “count” defines the no of passwords “9”:

The list of “9” passwords displayed in the terminal have been generated in Linux shell.

Note: For more options of the “makepasswd” command, access its “man” page using the following command:

$ man makepasswd

Method 3: Using the “gpg” Command

The “gpg” command is known as the “GNU Privacy Guard”, which is beneficial for encrypting and decrypting files. It can also be utilized to generate a strong password of a particular length.

Type the “gpg” key with the “–gen-random” keyword that generates a random password and with the “armor(encoded base64 output)” flag:

$ gpg --gen-random --armor 1 8

The newly strong password of length “12 (“8” characters, “4” numbers, “1” special character)” has been generated.

Method 4: Using the “apg” Command

An “apg” is the “Automatic Password Generator” command line tool to generate a strong random password in Linux. It generates a “pronounceable” password that contains characters of lower & uppercase and also numeric values.

Execute the “apg” command without passing any flag with it. It will generate six strong passwords that are easily pronounceable:

$ apg

Strong Password Of Specific Length

The “-n” flag of the “apg” command assists the user in creating a password of a particular length. The following command shows its practical implementation:

$ apg -n 9

The “9” strong password has been generated using the “apg” command.

Method 5: Using the “xkcdpass” Command

The xkcdpass” is another flexible password generator that generates strong passwords in the form of passphrases. It comes by default in most Linux distributions.

Install “xkcdpass” tool

In case the “xkcdpass” is not installed, then first install it using these commands as per Linux distributions:

$ sudo pacman -S xkcdpass                      #For Arch based
$ sudo yum install xkcdpass                    #For RPM based
$ sudo apt install xkcdpass                    #For Debian based

The “xkcdpass” has been installed successfully.

Example 1: Generate a Password

Type the xkcdpass” in the terminal and run it to generate a strong password of “6” passphrases by default:

$ xkcdpass

The password has been generated as shown in the terminal.

Example 2: Generate Password of Specific Length

Same as the “apg” tool, the “-n” flag of “xkcdpass” also allows to create the password having a specified number of passphrases:

$ xkcdpass -n 5

The “5” passphrases password has been generated successfully.

Method 6: Using the “pwgen” Command

The “pwgen(password generator)” is the simplest tool to generate a strong and secure password that is humanly pronounceable as well as memorable. It is not pre-packaged in the Linux system.

Install “pwgen” tool

Install “pwgen” in majorly used Linux distributions using the below-mentioned commands:

$ sudo dnf install pwgen                     #For Fedora
$ sudo yum install pwgen                     #For CentOS and RHEL
$ sudo apt install pwgen                   #For Debian based

The “pwgen” has been successfully installed.

List of Passwords

By default, the “pwgen” without any supported flag generates 160 passwords having “8” characters in each password:

$ pwgen

The terminal has filled with “160” random passwords.

Generate a Secure and Strong Password

Usually, 160 passwords are not useful, so specify the number i.e “8” with the “pwgen” command to generate a secure password having at least  “1” digit:

$ pwgen 8 1

The password of length “8” has been printed in the terminal as an output.

Method 7: Using the “openssl rand” Command

The “openssl rand” command generates a random password for the Linux system accounts and services. It only requires the length of a password that the user wants to generate.

Specify the password length, i.e., “14” and the “base64(encoding output)” with the “openssl rand” function as a command to generate the password:

$ openssl rand -base64 7

The new password of length 14(“9” characters, “1” number, “2” special characters)” has been generated and printed on the terminal.

Method 8: Using the “perl” Script

The “perl” is known as the “Practical Extraction and Report Language. It is a high-level programming language that can be used for generating unique and strong password phrases. It comes pre-installed in the default repositories of Linux distributions.

Create/Open Perl Script

The first step is to create or open the perl script having “.pl” extension in the text editor i.e “nano” is used in this scenario:

$ nano pass_gen.pl

Once the new “pass_gen.pl” file is opened, add the following line of codes in it:

#!/usr/bin/perl

my @alphanumeric = ('a'..'z', 'A'..'Z', 0..9);

my $password = join '', map $alphanumeric[rand @alphanumeric], 0..12;

print "$password\n"

The “pass_gen.pl” script description is as follows:

  • The “/usr/bin/perl” denote the Perl interpreter that will run the given per script.
  • The “my @alphanumeric” specifies the string that includes lowercase characters “a..z”, uppercase “A..Z”, and the digits “0..9”.
  • The “$password” variable. 
  • The “print” command will print the “$password” variable value in a new line using “\n(newline character)”:

Press “Ctrl+S(save)” and “Ctrl+X(exit)”.

Execute the Script

Now, execute the created “pass_gen.pl” Perl script and see the output:

$ perl pass_gen.pl

The “pass_gen.pl” script has generated the unique password of “12” length.

Conclusion

To generate a strong password in Linux, use the “urandom”, “makepasswd”, “gpg”, “apg”, “xkcdpass”, and “pwgen” command line utilities. This task can also be performed by using the pre-installed “openssl rand” command and the “Perl” scripting language. The usage of all the discussed utilities is quite simple and straightforward.

This guide has provided all possible methods to generate a strong password in Linux.