Home Linux Commandline Tools How to Generate Random Passwords in Linux with pwgen Command

How to Generate Random Passwords in Linux with pwgen Command

You have likely encountered situations where a website or server requests you to set a strong password that adheres to their defined policy.

At times, it can be quite frustrating when the passwords you attempt to set either do not meet the criteria or trigger a pop-up notification stating that a predictable pattern such as ‘1233‘ is not allowed.

This generally occurs because the human brain tends to gravitate towards patterns and struggles to generate a truly random password that is both secure and compliant with the specified criteria.

That’s precisely where tools like the pwgen command in Linux come to your rescue, which is a widely used command to generate passwords that are both easy for humans to remember and secure.

This guide will cover all the aspects you need to know about creating secure passwords that meet specific criteria using the pwgen command in Linux.

Install pwgen Command in Linux

pwgen (short for “Password Generator”) is a well-established and widely used command that empowers users to generate random yet human-readable passwords.

Furthermore, it provides a useful flag -s that assists in generating secure passwords by combining lowercase letters, uppercase letters, special symbols, and numbers. It can even allow you to define specific patterns for creating passwords.

To install pwgen command, you can utilize any of the commands mentioned below based on your Linux distribution:

$ sudo apt install pwgen         [On Debian, Ubuntu and Mint]
$ sudo yum install pwgen         [On RHEL/CentOS/Fedora and Rocky/AlmaLinux]
$ sudo emerge -a sys-apps/pwgen  [On Gentoo Linux]
$ sudo apk add pwgen             [On Alpine Linux]
$ sudo pacman -S pwgen           [On Arch Linux]
$ sudo zypper install pwgen      [On OpenSUSE]    

Once pwgen is successfully installed, you can execute the “pwgen” command in the terminal to generate 160 random passwords, each consisting of 8 characters.

$ pwgen

Now, let’s talk about the syntax of the pwgen command:

$ pwgen [Options] [pw_length] [pw_count]

Here’s what each part of the above syntax means:

  • [Options] – Represents the flags/options provided by this command to modify its behaviour.
  • [pw_length] – Denotes the desired length of each password.
  • [pw_count] – Specifies the number of passwords you want to obtain.

For an overview of the pwgen command’s usage and the options/flags it offers, run:

$ pwgen -help
pwgen Command Help
pwgen Command Help

Let’s explore a few examples of the pwgen command to gain an understanding of its functionality.

How to Generate Random Passwords with Capital Letters and Numbers

When you need passwords of a precise character length, simply provide the desired number in the command. Additionally, the pwgen command offers a range of flags to fine-tune your password requirements, allowing you to include or exclude specific letter cases, numbers, and special characters.

To ensure the presence of both a capital letter and a number in a 12-character password, you can utilize the “-c” and “-n” flags as shown.

$ pwgen -c -n 12

Note: While these random passwords can be memorized by humans, it’s important to remember that they remain vulnerable to brute-force attacks. Therefore, to generate strong passwords, it’s highly recommended to always use the "-s" flag in the command.

$ pwgen -c -n -s 12
Generate Random Passwords in Linux
Generate Random Passwords in Linux

How to Generate Random Passwords without Capital Letters and Numbers

If you come across a situation where you desire a password containing only lowercase letters, you can use the “-A” and “-0” flags to generate passwords while excluding uppercase letters and numbers.

To obtain lowercase passwords with a character length of 14, use the following command:

$ pwgen -A -0 14

It can be observed that all the prompted passwords exclusively consist of lowercase letters.

Create Passwords Without Captial Letters and Numbers
Create Passwords Without Captial Letters and Numbers

How to Create Secure Passwords While Avoiding Ambiguous Characters

Moving forward, if you want to generate secure passwords of 14 characters while excluding ambiguous characters that could cause confusion or problems for individuals with visual impairments, like “0” or “O”, you can use the "-B" flag along with the "-s" flag as demonstrated.

$ pwgen -s -B 14

Note: The use of the “-B” flag is not generally recommended, as it reduces the number of possible passwords. However, in specific cases of genuine issues, this flag can serve as a useful solution.

Generate Secure Passwords in Linux
Generate Secure Passwords in Linux

How to Generate Secure Passwords While Excluding Specific Letters

Now, let’s explore a useful flag, -r, which allows users to specify characters to exclude from the passwords generated by the pwgen command.

To observe its functionality, execute the following command to generate secure passwords with a length of 8 characters while intentionally excluding the letters 'l' and 'O':

$ pwgen -s -r lO 8
Create Passwords by Excluding Specific Letters
Create Passwords by Excluding Specific Letters

How to Create a Secure Password Without Vowels?

The pwgen command offers yet another interesting flag “-v”, which returns the passwords without any vowels (“a”, “e”, “i”, “o” and “u”).

Now, let’s attempt to generate secure passwords of 16 characters that do not include vowels by executing this command:

$ pwgen -s -v 16

It is noticeable that none of the generated passwords contains a single vowel even, is not this cool.

Create Random Passwords in Linux
Create Random Passwords in Linux

How to Create a Password Using SHA1 Hash of a File

This command holds the ability to generate passwords using the SHA1 Hash of a provided file by utilizing the “-H” flag, which allows you to summon the same list of passwords again whenever you want, just by using that same file.

Let’s list out some 20-character-long passwords by using the SHA1 Hash of the “UbuntuMint.sh” file.

$ pwgen -H UbuntuMint/UbuntuMint.sh 20
Create Passwords Using SHA1 Hash File
Create Passwords Using SHA1 Hash File
Conclusion

PWgen is a widely used powerful command in Linux that is renowned for generating both random, human-readable passwords and secure passwords. It provides numerous options that assist users in creating passwords that fulfill their requirements.

Ravi Saive
I am an Experienced GNU/Linux expert and a full-stack software developer with over a decade in the field of Linux and Open Source technologies. Founder of TecMint.com, LinuxShellTips.com, and Fossmint.com. Over 150+ million people visited my websites.

Each tutorial at UbuntuMint is created by a team of experienced writers so that it meets our high-quality standards.

Was this article helpful? Please add a comment to show your appreciation and support.

Got something to say? Join the discussion.

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published or shared. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.