How to Evaluate and Strengthen Your Linux Passwords with Cracklib and pwscore

Strong, unique passwords are the first line of defense against account compromise, yet many users reuse simple passwords that are easy to guess.

Password Best Practices

Use passwords at least 12 characters long, mixing numbers, upper‑ and lower‑case letters, and special symbols.

Avoid dictionary words, personal names, or common phrases.

Employ a different password for each service (e.g., email, messaging, banking).

Change passwords regularly.

Using cracklib

Installation

Install the tool from your distribution’s package manager:

$ sudo dnf install cracklib

$ sudo apt install libcrack2

$ sudo pacman -S cracklib

$ sudo yum install cracklib

$ sudo zypper install cracklib

Checking passwords

Run cracklib-check to see why a password is weak:

$ echo "password" | cracklib-check
password: it is based on a dictionary word

$ echo "123" | cracklib-check
123: it is WAY too short

$ echo "ME$2w!@fgty6723" | cracklib-check
ME$2w!@fgty6723: OK

Using pwscore

Installation

On most Linux distributions, install the package that provides pwscore (often libpwquality).

$ sudo apt install libpwquality

Evaluating password strength

pwscore

reports why a password fails checks and assigns a numeric score when it passes:

$ echo "password" | pwscore
Password quality check failed: The password is based on a dictionary word

$ echo "123" | pwscore
Password quality check failed: The password is shorter than 8 characters

$ echo "ME!@fgty6723" | pwscore
90

Conclusion

Even though attackers have many ways to steal data, a robust, complex password remains the simplest and most effective protection for personal information on Linux systems.