Generate Passwords Locally
Generating passwords isn't complicated. You can do it using normal CLI commands. Today, we can't use an easy password like your mother's middle name or your first pet's name. Passwords need to be long and complicated.
The security landscape has changed: ID theft and hacking are serious threats to normal users, who are considered easier targets than their employers attacked head-on. Often the attacker gains access using an employee's data, or even uses the employee's machine for the final attack on the corporation.
Using the CLI to create sets of passwords
The pwgen command generates random, pronounceable passwords. It can be used directly from the CLI. It comes with various options to customize the output. See the man page for details.
The pwgen program generates passwords which are designed to be easily memorized by humans, while being as secure as possible. Human-memorable passwords are never going to be as secure as completely random passwords.
The pwgen program is designed to be used both interactively, and in shell scripts.
pwgen should not be used without the -s option: the passwords it generates by default can be cracked via a brute-force attack. Use a password manager!
Completely randomly generated passwords have a tendency to be written down, and are subject to being compromised in that fashion.
To use PASSWD you need a long and complicated password.
The passwd command changes passwords for user accounts. A normal user may only change the password for their own account, while the superuser may change the password for any account. passwd also changes the account or associated password validity period.
Best password manager PASS
You can use it to generate passwords, store them, and generate OTPs.
You may like to add a GUI like QtPass.
Generate Passwords with PWGEN
There are a number of options; the most important is --secure (see below).
Other important ones: -B or --ambiguous, -N or --num-passwords=num, -y or --symbols. If pwgen is not on your system, install it with sudo dnf install pwgen.
How not to use PWGEN
- The easiest is to type pwgen, and you get an 8 x 20 matrix of passwords, each made of 8 letters and numbers.
⚠️ These are not safe to use; a brute-force attack can and will break them.
The secure way using PWGEN
Always use the option -s (--secure). This way you generate completely random, hard-to-memorize passwords. These should only be used with a password manager.
- generate 5 passwords, 20 long:
pwgen -s 20 5
- the same, but also with symbols:
pwgen -sy 20 5
- and without ambiguous characters:
pwgen -syB 20 5
GnuPG Randomness
This command uses GPG’s random number generator to create an armored, base64-encoded string.
gpg --gen-random --armor 1 20
Time-Based Randomness
Mixing the current date with sha256sum gives you a time-based random string:
date +%s | sha256sum | base64 | head -c 20
This combines the current timestamp with SHA-256 hashing and Base64 encoding, giving a fresh string every second.
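The pipeline above hashes nothing but the clock, so anyone who knows the second at which it ran can recompute its output. As an added example (not part of the original article; the function names are made up here, and GNU coreutils plus awk are assumed), this script replays a timestamp to show that, puts a number on it, and draws a 20-character password from the kernel CSPRNG instead:

```shell
#!/usr/bin/env bash
# Added example, not from the original article. Function names are hypothetical.

# The article's pipeline, with the timestamp passed in as $1 instead of
# being read from the clock, so the same second can be replayed.
ts_password() {
    printf '%s\n' "$1" | sha256sum | base64 | head -c 20
}

# Upper bound, in bits, on the entropy of a ts_password output when the
# creation time is known to lie within a window of $1 seconds.
ts_entropy_bits() {
    LC_ALL=C awk -v n="$1" 'BEGIN { printf "%.1f\n", log(n) / log(2) }'
}

# 15 bytes from the kernel CSPRNG encode to exactly 20 base64 characters
# (120 bits), independent of when the command runs. The output may contain
# "+" and "/" from the base64 alphabet.
urandom_password() {
    head -c 15 /dev/urandom | base64 | tr -d '\n'
}

epoch=1700000000   # constructed sample timestamp
echo "timestamp pipeline, run 1: $(ts_password "$epoch")"
echo "timestamp pipeline, run 2: $(ts_password "$epoch")"
echo "entropy if the day is known:  at most $(ts_entropy_bits 86400) bits"
echo "entropy if the year is known: at most $(ts_entropy_bits 31536000) bits"
echo "urandom, run 1: $(urandom_password)"
echo "urandom, run 2: $(urandom_password)"
```

The two timestamp runs print the same string, while the two urandom runs differ; for anything used as a real password, prefer pwgen -s or gpg --gen-random from the sections above.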
Generating a UUID or Using It for a Password
Create a UUID:
uuidgen
or use a part of it for a password:
uuidgen | cut -c 5-28
Final words
You can use any function or command that produces randomness. You can also chain them to make something more complicated and really crazy.