Generating Strong Passwords

(Day 6 of 30 Days of Blogging)

APG is a command line program for generating random passwords. On Ubuntu/Debian it can be installed with sudo apt install apg.

Here are the flags I use with it:

apg -a 1 -n 1 -m 25 -x 30 -M SNCL -d -E "'\"\`\\"

-a 1: Specifies to use true random instead of the default mode of pronounceable passwords. The assumption is that these passwords are going to be remembered by a password manager and not a brain.

-n 1: Only generate one password, by default apg will generate multiple.

-m 25 -x 30: Generate a password between 25 and 30 characters long. Probably overkill, but I love me some entropy.

-M SNCL: Guarantees the password will contain at least one symbol, number, capital, and lowercase character. Handy for websites that enforce passwords with these characters.

-E "'\"\`\\": Prevents the password from containing quotes and backslashes, meaning passwords are always safe to paste into a string literal in source code.

The output of this command can be piped into xsel to copy it to the clipboard. See generate-password for what that looks like.

Note: apg hasn’t been updated since 2003 and its creator has disappeared from the Internet. If there’s some other password generator I should be using do let me know, but I haven’t found anything that matches apg’s features. Although perhaps using software that’s “finished” and built to last isn’t necessarily a bad thing.