Linux Security

5 Ways To Generate Secure Passwords On Linux

Danny Stieben 07-08-2014

It has become more crucial than ever to use strong passwords for your online accounts. Without a secure password, it’s easy for others to crack yours The 7 Most Common Tactics Used To Hack Passwords When you hear "security breach," what springs to mind? A malevolent hacker? Some basement-dwelling kid? The reality is, all that is needed is a password, and hackers have 7 ways to get yours. Read More . It’s great if you can come up with a good password on your own 13 Ways to Make Up Passwords That Are Secure and Memorable Want to know how to make up a secure password? These creative password ideas will help you create strong, memorable passwords. Read More , but if you are out of ideas or feel like your own ideas aren’t secure enough, you can get your computer to spit one out for you.


It’s worth the effort, so let’s get right to it. Here are five ways you can generate brand new, secure passwords you can trust.


The Automatic Password Generator, or APG for short, comes installed on all Ubuntu systems. It’s an easy to use utility which can give you various passwords based on the random input from your keyboard. For example, you can run apg in a terminal and it will offer six “pronounceable” passwords. They’re meant to be pronounceable in order to make them somewhat more memorable, although the majority of them are still very random.

If you’d like entirely random passwords, you can run apg -a 1, which will give you passwords with 8-10 completely random characters. Of course, this is also only after you’ve given it some random input using your keyboard.


pwgen is another utility that is just a quick installation away with the command sudo apt-get install pwgen. Simply running the command pwgen will flood your terminal with many passwords, so you’re just supposed to pick one at random (preferrably not the first or last one).

This is done in case someone is nearby or looking over your shoulder — that way they won’t know which password you’ve chosen out of the many that are displayed.


You can also use these flags:

  • -1: Gives you just one password rather than an entire screen full of them.
  • -s: Uses a different algorithm to make it even more secure.
  • -y: Add special characters to the provided password.
  • -0: Don’t include numbers.
  • -B: Don’t use characters that are hard to read, such as 1 I l or 0 O
  • -v: Don’t allow any vowels. This is primarily used if the website doesn’t allow offensive language to be used in passwords.


makepasswd is yet another utility that makes generating passwords very straightforward. You can install it with the command sudo apt-get install makepasswd. From there, you can create some passwords with the command makepasswd -count X -minchars Y, replacing X with the number of passwords you want and Y with the minimum length of each password. It  is also flexible enough for other uses.

For example, a command like makepassword -string 1234567890 -chars 4 will give you a randomized numerical-only password with only four digits, a.k.a a PIN (Personal Identification Number).


If remembering your passwords is the hardest part about using secure passwords for you, then passwordmaker will be your new best friend. You can install it with the command sudo apt-get install passwordmaker-cli. Then, the best way to use this utility is to use the command passwordmaker --url, where you can replace with another website of your choice. It will then ask you for a “Master Password” before giving you a secure one.


The good thing about this is that you can use the same Master Password and get different passwords for different sites. If you forget a password for a certain site, you can run the utility again with the same website and Master Password, and you’ll get the same secure password.

Manually with Well-Crafted Commands

Lastly, you can also try to use some well-crafted commands to make your own passwords, without having to rely on special utilities to generate them. For example, you can use the command date +%s | sha256sum | base64 | head -c 32 ; echo to create a password, and it will always be unique because it is based on the current date, including seconds. Another example that’s easier to remember (the command, that is, and not the password it generates) is date | md5sum.

What Do You Use For Passwords?

As you can see, there are loads of ways to generate secure passwords on Linux, so there’s no excuse not to. If you’d rather not write your passwords down and still not have to worry about remembering them, I’d definitely recommend using passwordmaker. You will thank yourself later. It’s also possible to use a password manager like LastPass The Complete Guide to Simplifying and Securing Your Life with LastPass and Xmarks While the cloud means you can easily access your important information wherever you are, it also means that you have a lot of passwords to keep track of. That's why LastPass was created. Read More to recall them for you when you need them.

If you need other ideas on how to come up with your own passwords, follow the tips from security expert Bruce Schneier Security Expert Bruce Schneier On Passwords, Privacy and Trust Learn more about security and privacy in our interview with security expert Bruce Schneier. Read More .


How do you generate and remember secure passwords? What’s your perfect balance of security and convenience? Let us know in the comments!

Related topics: Online Security, Password.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *

  1. Reese
    September 10, 2018 at 10:18 pm

    Please remove the suggestion to generate a password by hashing the base64 encoded date. Yes it is unique each time you run it, and yes it *appears* random, but the number of passwords it can generate is severely limited, i.e. easy to brute force. All it takes is one person reading this article, adding this technique to their list of attack algorithms. Much better to incorporate /dev/urandom

  2. LeFeRiSoN
    November 6, 2017 at 3:34 pm

    For this command : date +%s | sha256sum | base64 | head -c 32 ; echo

    You can use : date +%s%N (%N for NanoSecond)
    So you can use this : date +%s%N | md5sum (+ | head -c XX ; echo)

    Bye ;)

  3. treegb
    September 30, 2016 at 5:39 pm

    I have some opinion about the last method ("Manually with Well-Crafted Commands").
    I found this will not match the result as some online service (sha256 to base64) does, until you add "xdd -r -p" between pipes to convert HEX to binary first:
    echo -n "This is my original secret message." | sha256sum | xxd -r -p | base64
    only now will match.
    Please let me know if I'm right or not, thanks.

  4. Ed
    December 1, 2014 at 2:29 pm

    date +%s | sha256sum | base64 | head -c 32 ; echo

    That's a rather stupid advice, as taking current unix time as the only entropy soource significantly limits randomness of the generated password. Moreover output of sha256 is already in range 0-9a-f, so piping it through base64 and then taking just first 32 characters reduces entropy even further.

    To reiterate: this only LOOKS random.

    Better use st. like:

    dd if=/dev/urandom bs=1 count=20 2>/dev/null | base64

  5. J.m. H
    August 9, 2014 at 2:30 pm

    There's one other one you missed. LastPass ( can generate strong passwords very easily as well. It's primarily a browser-based tool (with free and paid versions, and with the paid version you get access to a mobile app) and it's my goto for generating secure passwords. You can specify the length of the password as well as what kinds of characters to use, and if you are looking for something specific (I tend to use a longer password with two very specific non alphanumeric characters) you can keep generating passwords until you find one you like. LastPass will also save your passwords behind a master password and they let me know all of the sites I need to get new passwords for after Heartbleed hit. They already have a page ( letting us know what we need to do in the wake of the CyberVor breach.

  6. np
    August 9, 2014 at 3:07 am

    Thanks for the hash based tip!

    I hadn't though of that before, but that's a great idea if you want to avoid using a password manager or random passwords.

    You can remember a "source phrase" which can have an associated substring for every site that acts like a salt, then pass that source phrase to sha256sum and now you have a practically uncrackable password without a single weak link (password manager) that's still easily memorable.

  7. Godel
    August 8, 2014 at 11:43 pm

    Passwordmaker is also available as a add-on for Pale Moon/ Firefox, or as a portable GUI program for Windows.

    Just make sure you use a good enough master password. Because Passwordmaker works by creating a hash from the inputs the output isn't truly random, so in theory might be decoded if your master password is the usual "password", "123456" etc that beginners are prone to use..

  8. Tone
    August 8, 2014 at 4:45 pm

    I use a combination of places and dates from the past sometimes. I quite like basing them on old car registration numbers and model details too. I avoid words and common abbreviations.

  9. Ketim
    August 8, 2014 at 8:03 am

    I use KeePass2 a free password manager on multiple platforms, very useful. It's also available on Android and can be synced thru Dropbox.

    • Bob Y
      August 9, 2014 at 3:27 pm

      Yeah, I use LastPass, but the same idea. It is both a password safe and can generate secure passwords. All your passwords are then available through Android, Windows, Linux, and browsers. It's nice.

  10. Ketim
    August 8, 2014 at 8:02 am

    I use KeePass2 a free password manager on multiple platforms, very useful. It's also available on Android and can be synced thru Dropbox.

  11. Ketim
    August 8, 2014 at 8:02 am

    I use KeePass2 a free password manager on multiple platforms, very useful. It's also available on Android and can be synced thru Dropbox.

  12. Ken D
    August 7, 2014 at 11:27 pm

    Nice - apg is clearly the simplest, and I didn't know it existed. Had to install it in Xubuntu but that took 15 seconds. In the past I have just grabbed a newspaper ad section and picked a phrase that had words and numbers like Now60%offallweek! but whatever I pick I still have to write it in an actual rolodex I keep on my desk or I will forget it in five seconds. That's a tip for all you cybercriminals - all my passwords are in the rolodex.