Making unbreakable passwords

Making unbreakable passwords is a challenge. You need a password that is easy to remember and also hard to figure out. That is the paradox that we have been living in for many years. Relying on just your memory is not enough, especially if you have many passwords to remember, and who doesn’t?

So how do you make a password that is both easy to remember and will stand up to those who want to try to guess your password? Here are some general rules that make good passwords.

  • It is long enough – 20 characters or more helps
  • It contains a mix of upper and lower case letters
  • It contains numbers and symbols
  • It is not found in any dictionary (yes, there are dictionaries for misspellings)
  • It has no repeated strings of letters – like b3b3b or sisisi
  • It contains no series of letters on the keyboard – like qwerty
  • It contains no personal data – your birthday or other major events, or your college mascot
  • You alone know the password
  • It is used only once – don’t use one password on multiple sites

Using a generator to help

In Linux there are several password generators, some of which come with the system. One that I found is called pwgen. pwgen is one of the oldest password generators for Linux.

This command will give you 20-letter passwords that are random.

Another, called Automated Password Generator (apg), gives you randomized passwords, but you first have to give it a series of random keystrokes to go on. It also gives you a way to pronounce them to make them more memorable.

You can get all of them sent to a text file by typing:

The output is appended to the file every time you run the command. This is how I come up with lists of hundreds of passwords at a time. One of the nice things about this command is that it gives you the pronunciation of the password so that it is easier to remember.

Here are a few examples that were generated (don’t use any of these):

You can also make your own passwords at the command line with all of the characters you want.

The tr command filters the bytes coming from /dev/urandom: it deletes every character that is not in the set given as its argument (a-zA-Z0-9~!@#$%^&*_()+}{?></";.,[]=-). The fold command then wraps the output every 20 characters, and head takes only the first line, which stops the pipeline after 20 characters have been printed.
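The pipeline described above, written out as an added example (it is not the author's original command, which does not appear on this page). The function names are assumptions, and the character set is the article's with a plain ASCII double quote. It also counts the alphabet tr really uses, estimates the entropy, and redraws until the mixed-character rules from the list at the top are met.

```sh
#!/bin/sh
# Character set from the article, with a plain ASCII double quote.
CHARSET='a-zA-Z0-9~!@#$%^&*_()+}{?></";.,[]=-'

# gen_password [LEN]: one random password of LEN characters (default 20).
# LC_ALL=C makes tr treat /dev/urandom as raw bytes, not multibyte text.
gen_password() {
    LC_ALL=C tr -dc "$CHARSET" < /dev/urandom | fold -w "${1:-20}" | head -n 1
}

# alphabet_size: how many printable ASCII characters CHARSET really keeps.
# This also catches a set that tr parses differently than you intended.
alphabet_size() {
    n=$(awk 'BEGIN { for (i = 33; i < 127; i++) printf "%c", i }' |
        LC_ALL=C tr -dc "$CHARSET" | wc -c)
    echo $((n))
}

# entropy_bits [LEN]: whole bits of entropy, LEN * log2(alphabet size).
# tr keeps every allowed byte with equal probability, so the estimate holds.
entropy_bits() {
    awk -v l="${1:-20}" -v n="$(alphabet_size)" \
        'BEGIN { printf "%d\n", l * log(n) / log(2) }'
}

# has_all_classes PW: true only if PW has lower, upper, digit and symbol.
has_all_classes() {
    case $1 in *[[:lower:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:upper:]]*) ;; *) return 1 ;; esac
    case $1 in *[[:digit:]]*) ;; *) return 1 ;; esac
    case $1 in *[![:alnum:]]*) ;; *) return 1 ;; esac
}

# gen_checked [LEN]: redraw until all four classes appear (LEN must be >= 4).
# At 20 characters the redraws cost well under one bit of entropy.
gen_checked() {
    while :; do
        pw=$(gen_password "${1:-20}")
        if has_all_classes "$pw"; then printf '%s\n' "$pw"; return 0; fi
    done
}

echo "alphabet: $(alphabet_size) characters, about $(entropy_bits 20) bits at length 20"
gen_checked 20
```

Because tr simply discards bytes outside the set, every allowed character is equally likely and there is no modulo bias to correct for.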

So how strong are your passwords?

You can check them in a number of ways. First try the cracklib-check command by typing in your password and seeing what it says.

As you can see, the tool is fairly basic and is only your first check. There are others that you can check with. One of my favorites is an online tool called password meter. It evaluates a lot of things about your password, including sequential numbers, letters, and symbols.

“Remembering” passwords

Someone once said that “a short pencil is better than a great memory,” and that comes into play when you are trying to remember hundreds of complex passwords. Putting them down on paper is easiest, but not very secure. The same goes for spreadsheets and word processing programs. KeePass is a program that encrypts your passwords and keeps them safe, so you only have to remember one password. It is essentially an encrypted database. This will keep your passwords safe and ready to use.

Check out KeePass – there are versions for many different operating systems. There is even a portable app for KeePass.

Conclusion

No matter how you make your passwords, remember the “rules” that I told you about at the beginning of the article. Randomness of the characters and not spelling anything in any dictionary is important. Keep your passwords safe so only you know about them. A handy thumb drive of a few gigabits will do the trick.

Updated on March 08, 2022