Use pwgen(1)?

But if that’s too easy for you, here are some more complicated ways of doing it:

PerryLorier's preferred and highly recommended way of choosing passwords

 cat /dev/urandom | tr -dc ' -~' | fold -w 20 | head -n 1

His new password is _]}e9pgU5-u6_hr[KF|*.

What this does

/dev/urandom is an interface to the kernel's random number generator. If you cat it, you'll get (mostly) random characters. See random(4) for information.

tr(1) is a character translator. -d stands for 'delete characters in this set' and -c stands for 'compliment'. If you check ascii(7) you will see that space and tilde () are the outer limits of the 'typeable' ASCII character set. The translator stage will throw away anything lower than space or higher than tilde (all the high-bit ASCII character).

fold(1) wraps lines to a certain width. -w 20 wraps at 20 characters (the default is 80.) Mere mortals will probably want to set this to around 8.

head(1) (the opposite of tail(1)) returns the first lines of an input. head -1 returns only the first line. (use head -n 8 if you want some choices to pick from).

But but but

If you're a real Unix nerd or are worried that using another process for cat(1) will only accelerate our path to the heat death of the universe, you can use

< /dev/urandom tr -cd '[:print:]' | head -c 20 # every time you waste a cat, god kills a kitten


AristotlePagaltzis prefers slightly less cryptic passwords that are longer instead, which results in

< /dev/urandom tr -cd '[:alnum:]$!@_:=-' | head -c "${1:-32}"

Other methods

Another popular method is to take the first letter of each word in a line from a song (eg I want to ride my bicycle -> iw2rmb)

Pick a password that sounds like an English word, and people are more likely to remember it. A good Java password generator can be found at

If none of these methods are to your liking, you can always set your password to gandalf. This is highly original, and no one is likely to think of it.

You might find more information on the SecurityNotes page.