How to Generate Strong Linux Passwords and Verify Their Strength

Strong passwords should combine letters, numbers, and symbols while avoiding known words, birth dates, or personal names to resist dictionary attacks. Although there is no strict length rule, passwords longer than 16 characters are generally recommended.

On a Linux system with gpg installed, you can generate a random password using the --gen-random and --armor options. For example:

[root@localhost ~]# gpg --gen-random --armor 2 12
zXVKRoB0/V4BN9QG

If you prefer a password without special characters, pipe the output through sed to remove anything that is not a letter or digit:

[root@localhost ~]# gpg --gen-random --armor 2 12 | sed 's/[^a-zA-Z0-9]//g'
n4ciIlRLkLTkzwg

The same approach works with openssl. Generate a base‑64 string and optionally filter it:

[root@localhost ~]# openssl rand -base64 12
QIrH/PLXqzmLuI/a

[root@localhost ~]# openssl rand -base64 12 | sed 's/[^a-zA-Z0-9]//g'
lXIg4cKLCLVvsi

To evaluate password strength, install the cracklib utility on CentOS 8: [root@localhost ~]# yum -y install cracklib Testing a simple dictionary‑based password shows it is rejected:

[root@localhost ~]# echo "a1b2c5" | cracklib-check
a1b2c5: it is based on a dictionary word

Another example with a common word also fails:

[root@localhost ~]# echo "Administrator" | cracklib-check
Administrator: it is based on a dictionary word

Finally, test a generated password; the tool reports it as acceptable:

[root@localhost ~]# openssl rand -base64 12 | cracklib-check
VdBlmvIgGY4ehWly: OK

These commands demonstrate how to produce high‑entropy passwords and verify that they meet basic security criteria using standard Linux tools.