How to create a good password

Let's face it: passwords are at the heart of security of UNIX systems.

Even though there are plenty of clever substitutes (OpenSSH? key pairs come to mind), there is always a moment when you need to set a root password on a machine... And now, what do you do? Just punch 123456 as your root password?

Here is a little routine that I have created over several years, that allows me to create strong passwords for root and other key accounts on my UNIX machines - I hope you will find it useful!

1. Pick a passphrase.

Choose several small words that form a small sentence.

To pick an example, I'll use "I Love Unix" as my passphrase.

2. Split Vowels and Consonants.

Simple enough: put all consonants (B, C, D, F, etc...) on the left and all the vowels (A, E, I, O, etc...) on the right:

Therefore, "I Love Unix" then becomes: "lvnx ioeui".

3. Insert other characters.

Now that vowels and consonants have been separated, insert two or three characters between the two groups. Here, I'll insert %% between the two words, and "lvnx ioeui" becomes: "lvnx%%ioeui"

4. Apply "3l33t" transformation.

The tongue-in-cheek "3l33t" (meaning "elite") transformation means replacing some letters by numbers and other characters. I don't use the canonical "3l33t", since it is way too complicated. I have my own version, which is much more simple:

Here is a short table to explain this transformation:

Original Letter:Becomes:
I1 (one)
L1 (one)
O0 (zero)

The original "I Love Unix" then goes from: "lvnx%%ioeui" to: "1vnx%%103u1".

This is already complicated, but we are going one step further.

5. Upper-case letters with diagonals.

All consonants letters with diagonals in upper case (K, M, N, R, V, W, X, Y, and Z) should now be upper-case:

The original "I Love Unix" then goes from: "1vnx%%103u1" to: "1VNX%%103u1".

We are almost done! Please note that this password already contains:

This is already a fairly complex password, 11 characters long, and one that is not easy to guess. But there is more!

6. Add a personal touch.

The easiest way to do this is to pick two characters, other than letters and numbers, and follow it by three upper-case letters. In that case, let's pick -- and EEE.

Here is what the final password might look like: EEE--1VNX%%103u1.

You can also add the personal touch at the end: 1VNX%%103u1--EEE

You are done, and, in six easy steps, you went from "I Love Unix" to EEE--1VNX%%103u1.

Quite complex, right? On the other hand, it can be recreated

Now, a word of warning...

For this password recipe to be secure, remember to apply the following rules:

  1. Always apply all the steps!
  2. Always insert characters other than letter and numbers!
  3. Change passwords regularly!
  4. Use a passphrase and not just a single word!
  5. Do not use an obvious passphrase!!

To make your password even more complex, replace all repeated letters and numbers by the number of times they come back: EEE-- would be replaced by E4-- in this case, since there are 4 "E" in "EEE--I Love Unix"

Just as an aside, no, I have never used "I Love Unix" as a root password... And you should not, too, since this page is archived by Google and other search engines! :-)

Hope this helps!

See Also:

(Please note that almost all password checkers listed above give very high marks to EEE--1VNX%%103u1... Except for "Password Meter"... :-)