Debianhelp.co.uk

            Choosing Good Password Rules and Password generation Tools

      For every administrator, choosing a good password and changing it often makes it difficult for hackers, crackers, or even someone you know to make educated guesses about what you've chosen. Here are some tips to help you choose a good password:

Don't Use:

  • Your name - any part of it (first, last, middle, or initials)
  • Your social security number
  • Names of friends, family, or pets
  • Birthdates
  • Phone numbers or addresses
  • Any other personal information that could be guessed
  • Place names
  • Words from the English dictionary
  • Words from a foreign dictionary
  • Your username or login name
  • Your computer's name
  • Repetition of the same letter
  • Sequences of keyboard keys, such as "12345" or "qwerty", or sequences of letters such as "abcde"
  • Any minor variation of the above, such as spelling your name backwards or appending a character to the end of your name

Do Use:

  • Six or more characters
  • A mix of upper and lower-case letters (placing capital letters in random locations throughout a password is also highly effective)
  • A password you can type quickly, without having to look at the keyboard. This will make it harder for someone to steal your password by looking over your shoulder.
  • Nonsense words that are easy to pronounce (and to remember, so you don't have to write them down) but aren't listed in any dictionaries
  • Note: A good way to choose a secure, but easy-to-remember password is to use the first character of each word in a phrase, poem, or song lyric. For instance, "Asb*Mf" stands for "April showers bring May flowers"; the asterisk in the middle is included for extra security. (But don't use this password now that it's been given as an example!)
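
The rules in the two lists above can be checked mechanically when a password is set. The following Python sketch is an added example, not part of the original page or of any Debian tool; the function names, the `personal` argument and the small word list are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real deployment would load a full
# dictionary file instead (assumption, not from the page).
SAMPLE_WORDS = {"password", "flower", "april", "london", "secret", "dragon"}
KEY_RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
            "abcdefghijklmnopqrstuvwxyz"]


def _has_run(pw, length=4):
    """True if pw contains `length` consecutive keys of a known sequence, in either direction."""
    for run in KEY_RUNS:
        for seq in (run, run[::-1]):
            for i in range(len(seq) - length + 1):
                if seq[i:i + length] in pw:
                    return True
    return False


def check_password(password, personal=(), words=SAMPLE_WORDS):
    """Return the list of rules from the page that `password` breaks.

    `personal` holds strings someone could guess: username, real name,
    hostname, pet names, birthdate digits, phone number.
    """
    problems = []
    low = password.lower()
    core = re.sub(r"[^a-z]", "", low)  # drop digits/symbols to catch "word1"-style variations
    if len(password) < 6:
        problems.append("shorter than six characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no mix of upper and lower case")
    if re.search(r"(.)\1\1", low):
        problems.append("repeated character")
    if _has_run(low):
        problems.append("keyboard or alphabet sequence")
    for item in (p.lower() for p in personal if len(p) >= 3):
        if item in low or item[::-1] in low:  # also catches the name spelled backwards
            problems.append("contains personal information")
            break
    if core in words or core[::-1] in words:
        problems.append("dictionary word or minor variation")
    return problems
```

An empty list means the password passed every rule the function knows about; it does not measure how hard the password is to guess beyond those rules.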

    Password Generation tools in Debian

     Several automatic password generation tools are available in Debian. Some of these tools and brief details of each follow.

    apg

    APG (Automated Password Generator) is a tool set for random password generation. It generates random words of the required type and prints them to standard output.

      Check the apg man page for syntax and other details

     Install in Debian

     # apt-get install apg

     pwgen

     pwgen generates random, meaningless but pronounceable passwords. These passwords contain either only lowercase letters, or upper and lower case mixed, or digits thrown in. Uppercase letters and digits are placed in a way that eases remembering their position when memorizing only the word.

      Check the pwgen man page for syntax and other details

     Install in Debian

     # apt-get install pwgen

      gpw 

Trigraph Password Generator

This package generates pronounceable passwords. It uses the statistics of three-letter combinations (trigraphs) taken from whatever dictionaries you feed it.

Thus pronounceability may differ from language to language. Based on the ideas in Morrie Gasser's password generator for Multics, and Dan Edwards's generator for CTSS. FIPS Standard 181 describes a similar digraph-based generator, derived from Gasser's.
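
The trigraph idea described above, as an added Python example (not gpw's own code): it counts which letter follows each two-letter pair in a word list, then draws letters according to those counts. The sample corpus, the function names and the use of Python's `secrets` module for randomness are assumptions of this example.

```python
import secrets
from collections import defaultdict

# Constructed sample corpus; a real table would be built from a full dictionary file.
SAMPLE_CORPUS = """password generator pronounceable dictionary statistics
combination language standard similar letter random secure remember
character keyboard security position memorize uppercase terminal""".split()


def build_trigraphs(words):
    """Count how often each letter follows each two-letter prefix."""
    table = defaultdict(lambda: defaultdict(int))
    for w in words:
        w = w.lower()
        for i in range(len(w) - 2):
            table[w[i:i + 2]][w[i + 2]] += 1
    return table


def _weighted_choice(counts):
    """Pick a key with probability proportional to its count, using the OS CSPRNG."""
    pick = secrets.randbelow(sum(counts.values()))
    for key, n in counts.items():
        pick -= n
        if pick < 0:
            return key


def generate(table, length=10):
    """Generate one lowercase password of `length` letters from the trigraph table."""
    starts = {pair: sum(c.values()) for pair, c in table.items()}
    while True:
        pw = _weighted_choice(starts)  # weighted starting pair
        while len(pw) < length and pw[-2:] in table:
            pw += _weighted_choice(table[pw[-2:]])
        if len(pw) == length:  # otherwise a pair with no known successor was hit: retry
            return pw


if __name__ == "__main__":
    print(generate(build_trigraphs(SAMPLE_CORPUS)))
```

Because the output follows the statistics of the word list, a different dictionary or language gives differently sounding passwords, which is the language dependence the description mentions.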

Check the gpw man page for syntax and other details

     Install in Debian

     # apt-get install gpw

zsafe

Password manager with encryption

ZSafe is a password manager. Passwords can be stored in user-defined categories. The password file will be encrypted by using a secure RC2 mechanism.

ZSafe makes a fine standalone application with features such as import and export, encrypted storage, etc.

But one of the added benefits is that it is built from the same source code as the ZSafe program for the Sharp Zaurus line of PDAs. Thus, you can use the same program and work with the same files on your desktop as you can on your PDA. This program uses the same on-disk format as the Zaurus version.

Check zsafe man page for syntax and other details

     Install in Debian

     # apt-get install zsafe

Password managers for Desktop environments

KDE

kwalletmanager

KDE Wallet Manager

KDE is a powerful Open Source graphical desktop environment for Unix workstations. It combines ease of use, contemporary functionality, and outstanding graphical design with the technological superiority of the Unix operating system.

This program keeps various wallets for any kind of data that the user can store encrypted with passwords and can also serve as a password manager that keeps a master password to all wallets.

This package is part of the official KDE utils module.

     Install in Debian

     # apt-get install kwalletmanager

Gnome

gnome-keyring

GNOME keyring services (daemon and tools)

gnome-keyring is a daemon in the session, similar to ssh-agent, and other applications can use it to store passwords and other sensitive information.

The program can manage several keyrings, each with its own master password, and there is also a session keyring which is never stored to disk, but forgotten when the session ends.

     Install in Debian

     # apt-get install gnome-keyring