Secure password thanks to password generator


To create a secure password, we advise against thinking of it yourself. Instead, we recommend the use of password generators. Only use trustworthy password generators for this (no online password generators or similar). Specifically, we recommend:

  • Integrated password generator in KeePassXC (cross-platform)

    KeePassXC contains an integrated password generator. It can be called up at any time via the cube icon in the menu bar. The cube icon also appears whenever a new password is to be generated (for example, when creating a new entry in the password manager or setting a primary password when creating a new KeePassXC database). Character types and password length are configurable. The coloured bar and the entropy value rate the quality of a password. It is best to use only passwords that produce a green bar with the password quality "Excellent". You can see an example in the following excerpt:

    The integrated password generator of KeePassXC, shown here with the example of creating a new primary password for a new KeePassXC database. It is usually called up via the cube icon (here to the right of the password input field).
  • pwgen (command line programme)

    By default, pwgen creates passwords with a length of 8 characters that are pronounceable and therefore easy to remember. Since this comes at the expense of password security, we recommend extending the command with the flag -s (secure) and a minimum length of 12 characters. The customised command for generating a selection of secure passwords can look like this:

    $ pwgen -s 12
    31t6iZNgsmwZ gblIMny0ft8B rhf5jLEmLg9e KXrvE02bAdC1 MoFZaMoKmE3u dDfu2TusKhVm
    jUHcgiY6118c qmDm2lb30KBh q2yOVRpNTJDn ik7hml9iDqeW Gu035ifeXEBz i1NjLATxuyTq
    2RVkd4m7NghQ JRW5uHubjx6s 1Uigy5zZRdX9 inw8XSxwYdj8 5Dozgcb2momO zKo08sHwswB6
    […]
  • Diceware (many words instead of characters, often easier to remember)

    In contrast to the other methods, no computer program is used here. Instead, an ordinary six-sided die serves as the random generator to select 6 or more words from a list and string them together.

    The first step is to choose a word list in the desired language:

    Then you roll the die five times for each word and get a sequence of numbers such as "31235". In the German word list, for example, this results in the word "gute".

    After five repetitions, a password is created, for example: "gute binse banner folgt ahorn iglu" (Do not use this password! You can choose any separator - I use spaces in this example)

    If a website or software requires special characters or numbers in the password, these can be added: "gute-binse-banner-folgt-ahorn-iglu-4" (Do not use this password! You can choose any separator - I use a minus sign in this example so that the password contains special characters).

    Safety note

    This procedure is safe due to the high number of words chosen and their random selection:


    No fewer than six words may be chosen, and care must be taken to actually use a physical die (humans acting as "randomizers" and digital dice apps for games are not suitable for this purpose).
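The Diceware lookup and the strength estimate behind the safety note, as an added example that is not part of the original page: the dice are still rolled by hand and only the results are typed in. The word-list excerpt is constructed (only 31235 → gute comes from the page), the function names are illustrative, and the entropy figure assumes a list with one word for each of the 6^5 = 7776 possible roll sequences.

```python
import math

FACES = 6            # ordinary six-sided die
ROLLS_PER_WORD = 5   # five rolls select one word, as described above
MIN_WORDS = 6        # the page's minimum passphrase length

# Constructed excerpt in a "key<whitespace>word" layout (assumed format).
# Only 31235 -> gute comes from the page; the other keys are made up.
SAMPLE_LIST = """\
31235 gute
14523 binse
13416 banner
26341 folgt
11264 ahorn
32156 iglu
"""

def load_wordlist(text):
    """Parse 'key word' lines into a dict, rejecting malformed keys."""
    words = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split(None, 1)
        if len(key) != ROLLS_PER_WORD or set(key) - set("123456"):
            raise ValueError(f"bad key in word list: {key!r}")
        words[key] = word.strip()
    return words

def passphrase(rolls, words, sep=" "):
    """Turn groups of physically rolled digits into a passphrase."""
    if len(rolls) < MIN_WORDS:
        raise ValueError(f"need at least {MIN_WORDS} words, got {len(rolls)}")
    for r in rolls:
        if len(r) != ROLLS_PER_WORD or set(r) - set("123456"):
            raise ValueError(f"not five rolls of a six-sided die: {r!r}")
    return sep.join(words[r] for r in rolls)

def entropy_bits(n_words):
    """Bits of entropy when every word is chosen by fair dice rolls."""
    return n_words * ROLLS_PER_WORD * math.log2(FACES)

if __name__ == "__main__":
    rolls = ["31235", "14523", "13416", "26341", "11264", "32156"]  # constructed
    print(passphrase(rolls, load_wordlist(SAMPLE_LIST)))
    print(f"{entropy_bits(len(rolls)):.1f} bits")
```

Each word contributes about 12.9 bits, so six words give roughly 77.5 bits; adding a separator or a trailing digit does not change that estimate in any meaningful way.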

Contact

IT Security
Security team