LinuxCommandLibrary

pwgen

Generate strong, random passwords

TLDR

Generate a random password with symbols
$ pwgen [[-y|--symbols]] [length]

Generate secure, hard-to-memorize passwords
$ pwgen [[-s|--secure]] [length]

Generate passwords with at least one capital letter
$ pwgen [[-c|--capitalize]] [length]

SYNOPSIS

pwgen [options] [length] [number_of_passwords]

Examples:
pwgen 12 5 (Generate 5 passwords of 12 characters each)
pwgen -s 16 (Generate one highly secure, 16-character password)
pwgen -cnyB 10 (Generate a 10-character password with capitals, numbers, symbols, but no vowels)

PARAMETERS

length
    Specify the desired length for the generated passwords. If omitted, defaults to 16 characters.

number_of_passwords
    Specify the number of passwords to generate. If omitted, defaults to 1 password. This can also be controlled by the -N option.

-c, --capitalize
    Ensure the generated password contains at least one capital letter.

-n, --numerals
    Ensure the generated password contains at least one numeral (digit).

-y, --symbols
    Ensure the generated password contains at least one symbol (e.g., !, @, #).

-A, --no-ambiguous
    Exclude characters that could be easily confused, such as 'l', '1', 'O', '0'.

-B, --no-vowels
    Do not use vowels (a, e, i, o, u) when generating pronounceable passwords, making them less pronounceable but potentially harder to guess.

-s, --secure
    Generate completely random, non-pronounceable passwords for maximum cryptographic strength. This option overrides the pronounceable generation.

-x, --no-repeating
    Attempt to avoid using repeating characters consecutively in the password, if possible given the character set.

-N num, --num-passwords=num
    Generate num passwords. This is an alternative to the positional number_of_passwords argument.

-h, --help
    Display a help message and exit.

DESCRIPTION

pwgen is a command-line utility that generates random passwords which are secure and, optionally, easy for humans to remember and type. Unlike purely random string generators, pwgen can create "pronounceable" passwords by combining character sets, which makes them easier to recall. Its options customize password length, the number of passwords, and the inclusion of capital letters, numerals, and symbols. Users can also exclude ambiguous characters (e.g., 'l' and '1') or generate completely random, non-pronounceable passwords for maximum security. This flexibility lets pwgen balance security requirements against practical usability.

CAVEATS

While pwgen can create "pronounceable" passwords for easier memorization, these might inherently be less cryptographically secure than completely random strings generated with the -s option, or other tools that prioritize maximum randomness. For highly sensitive accounts, it's generally recommended to use passwords generated by a dedicated password manager or a truly random source like /dev/urandom, especially if pronounceability is not a critical requirement. The effectiveness of "pronounceable" passwords relies on the underlying dictionary and generation logic; an attacker might be able to exploit these patterns if the entropy is low or the method predictable.

PRONOUNCEABILITY VS. SECURITY TRADE-OFF

pwgen's unique feature is its ability to generate pronounceable passwords, which can aid memorization. However, this comes with a slight trade-off in pure randomness compared to passwords generated without this constraint. For maximum security, especially for sensitive accounts, it is recommended to use the -s (secure) option, which generates completely random, non-pronounceable passwords, or to rely on tools that prioritize cryptographic randomness above all else.
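
The trade-off described here and under CAVEATS can be put in numbers. The script below is an added example, not part of pwgen or of the original page: it draws a uniform password from /dev/urandom and estimates entropy for unconstrained and patterned passwords. The function names and the alternating consonant/vowel model are assumptions made for illustration; the model is not pwgen's actual generation algorithm.

```shell
#!/bin/sh
# Added example (not pwgen code): uniform passwords from /dev/urandom and
# entropy estimates for comparing unconstrained and patterned passwords.

# urandom_password LENGTH [TR_SET]
# Bytes outside TR_SET are discarded, so each allowed character is equally
# likely (no modulo bias). Default set: letters and digits (62 symbols).
urandom_password() {
    LC_ALL=C tr -dc "${2:-A-Za-z0-9}" </dev/urandom | head -c "$1"
}

# entropy_bits LENGTH ALPHABET_SIZE
# Bits of entropy for LENGTH independent, uniform picks.
entropy_bits() {
    LC_ALL=C awk -v n="$1" -v k="$2" \
        'BEGIN { printf "%.1f\n", n * log(k) / log(2) }'
}

# cv_entropy_bits LENGTH
# Simplified model, an assumption and NOT pwgen's real algorithm: lowercase
# only, strictly alternating consonant (21 choices) and vowel (5 choices).
cv_entropy_bits() {
    LC_ALL=C awk -v n="$1" 'BEGIN {
        bits = int(n / 2) * log(21 * 5) + (n % 2) * log(21)
        printf "%.1f\n", bits / log(2)
    }'
}

# min_length TARGET_BITS ALPHABET_SIZE
# Shortest uniform password that reaches TARGET_BITS of entropy.
min_length() {
    LC_ALL=C awk -v b="$1" -v k="$2" 'BEGIN {
        len = b * log(2) / log(k)
        n = int(len); if (n < len) n++
        print n
    }'
}

printf 'uniform password, 16 chars: %s\n' "$(urandom_password 16)"
printf 'uniform a-zA-Z0-9, 16 chars: %s bits\n' "$(entropy_bits 16 62)"
printf 'uniform a-z only,  16 chars: %s bits\n' "$(entropy_bits 16 26)"
printf 'alternating model, 16 chars: %s bits\n' "$(cv_entropy_bits 16)"
printf 'length for 128 bits, 62 symbols: %s\n' "$(min_length 128 62)"
```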

DEFAULT BEHAVIOR

By default, pwgen generates 16-character pronounceable passwords. These passwords will typically include a mix of lowercase letters and sometimes numbers, aiming for a balance between strength and ease of use. To include uppercase letters, numbers, or symbols, explicit options (-c, -n, -y) must be specified.

HISTORY

pwgen has been a staple utility in the Linux and Unix-like ecosystem for many years, filling the niche for human-friendly password generation. Its development reflects the ongoing challenge of balancing strong security practices with practical usability. The tool aims to mitigate the common user tendency to choose weak, easily guessable passwords by providing a simple, quick way to generate secure yet memorable alternatives. It's often included in standard Linux distributions as part of the util-linux or similar core utilities packages, showcasing its established role in system administration and general user security.

SEE ALSO

apg(1), openssl(1), mkpasswd(1), /dev/urandom
