You have likely encountered situations where a website or server requests you to set a strong password that adheres to their defined policy.
At times, it can be quite frustrating when the passwords you attempt to set either do not meet the criteria or trigger a pop-up notification stating that a predictable pattern such as ‘1233‘ is not allowed.
This generally occurs because the human brain tends to gravitate towards patterns and struggles to generate a truly random password that is both secure and compliant with the specified criteria.
That’s precisely where tools like the pwgen command in Linux come to your rescue, which is a widely used command to generate passwords that are both easy for humans to remember and secure.
This guide will cover all the aspects you need to know about creating secure passwords that meet specific criteria using the pwgen command in Linux.
Install pwgen Command in Linux
pwgen (short for “Password Generator”) is a well-established and widely used command that empowers users to generate random yet human-readable passwords.
Furthermore, it provides a useful flag -s that assists in generating secure passwords by combining lowercase letters, uppercase letters, special symbols, and numbers. It can even allow you to define specific patterns for creating passwords.
To install pwgen command, you can utilize any of the commands mentioned below based on your Linux distribution:
$ sudo apt install pwgen [On Debian, Ubuntu and Mint] $ sudo yum install pwgen [On RHEL/CentOS/Fedora and Rocky/AlmaLinux] $ sudo emerge -a sys-apps/pwgen [On Gentoo Linux] $ sudo apk add pwgen [On Alpine Linux] $ sudo pacman -S pwgen [On Arch Linux] $ sudo zypper install pwgen [On OpenSUSE]
Once pwgen is successfully installed, you can execute the “pwgen” command in the terminal to generate 160 random passwords, each consisting of 8 characters.
$ pwgen
Now, let’s talk about the syntax of the pwgen command:
$ pwgen [Options] [pw_length] [pw_count]
Here’s what each part of the above syntax means:
[Options]– Represents the flags/options provided by this command to modify its behaviour.[pw_length]– Denotes the desired length of each password.[pw_count]– Specifies the number of passwords you want to obtain.
For an overview of the pwgen command’s usage and the options/flags it offers, run:
$ pwgen -help
Let’s explore a few examples of the pwgen command to gain an understanding of its functionality.
How to Generate Random Passwords with Capital Letters and Numbers
When you need passwords of a precise character length, simply provide the desired number in the command. Additionally, the pwgen command offers a range of flags to fine-tune your password requirements, allowing you to include or exclude specific letter cases, numbers, and special characters.
To ensure the presence of both a capital letter and a number in a 12-character password, you can utilize the “-c” and “-n” flags as shown.
$ pwgen -c -n 12
Note: While these random passwords can be memorized by humans, it’s important to remember that they remain vulnerable to brute-force attacks. Therefore, to generate strong passwords, it’s highly recommended to always use the "-s" flag in the command.
$ pwgen -c -n -s 12
How to Generate Random Passwords without Capital Letters and Numbers
If you come across a situation where you desire a password containing only lowercase letters, you can use the “-A” and “-0” flags to generate passwords while excluding uppercase letters and numbers.
To obtain lowercase passwords with a character length of 14, use the following command:
$ pwgen -A -0 14
It can be observed that all the prompted passwords exclusively consist of lowercase letters.
How to Create Secure Passwords While Avoiding Ambiguous Characters
Moving forward, if you want to generate secure passwords of 14 characters while excluding ambiguous characters that could cause confusion or problems for individuals with visual impairments, like “0” or “O”, you can use the "-B" flag along with the "-s" flag as demonstrated.
$ pwgen -s -B 14
Note: The use of the “-B” flag is not generally recommended, as it reduces the number of possible passwords. However, in specific cases of genuine issues, this flag can serve as a useful solution.
How to Generate Secure Passwords While Excluding Specific Letters
Now, let’s explore a useful flag, -r, which allows users to specify characters to exclude from the passwords generated by the pwgen command.
To observe its functionality, execute the following command to generate secure passwords with a length of 8 characters while intentionally excluding the letters 'l' and 'O':
$ pwgen -s -r lO 8
How to Create a Secure Password Without Vowels?
The pwgen command offers yet another interesting flag “-v”, which returns the passwords without any vowels (“a”, “e”, “i”, “o” and “u”).
Now, let’s attempt to generate secure passwords of 16 characters that do not include vowels by executing this command:
$ pwgen -s -v 16
It is noticeable that none of the generated passwords contains a single vowel even, is not this cool.
How to Create a Password Using SHA1 Hash of a File
This command holds the ability to generate passwords using the SHA1 Hash of a provided file by utilizing the “-H” flag, which allows you to summon the same list of passwords again whenever you want, just by using that same file.
Let’s list out some 20-character-long passwords by using the SHA1 Hash of the “UbuntuMint.sh” file.
$ pwgen -H UbuntuMint/UbuntuMint.sh 20
Conclusion
PWgen is a widely used powerful command in Linux that is renowned for generating both random, human-readable passwords and secure passwords. It provides numerous options that assist users in creating passwords that fulfill their requirements.
