One-liner to generate an easily memorable password?

First of all, install a dictionary of a language you're familiar with, using:

sudo apt-get install <language-package>

To see all available packages:

apt-cache search wordlist | grep ^w

Note: all installation instructions assume you're on a debian-based OS.

After you've installed dictionary run:

WORDS=5; LC_ALL=C grep -x '[a-z]*' /usr/share/dict/words | shuf --random-source=/dev/urandom -n ${WORDS} | paste -sd "-"

Which will output ex:

blasphemous-commandos-vasts-suitability-arbor

To break it down:

  • WORDS=5; — choose how many words you want in your password.
  • LC_ALL=C grep -x '[a-z]*' /usr/share/dict/words — choose only words containing lowercase alphabet characters (it excludes words with ' in them or funky characters like in éclair). LC_ALL=C ensures that [a-z] in the regex won't match letter-like symbols other than lowercase letters without diacritics.
  • shuf --random-source=/dev/urandom -n ${WORDS} — chose as many WORDS as you've requested. --random-source=/dev/urandom ensures that shuf seeds its random generator securely; without it, shuf defaults to a secure seed, but may fall back to a non-secure seed on some systems such as some Unix emulation layers on Windows.
  • paste -sd "-" — join all words using - (feel free to change the symbol to something else).

Alternatively you can wrap it in a function:

#!/bin/bash

function memorable_password() {
  words="${1:-5}"
  sep="${2:--}"

  LC_ALL=C grep -x '[a-z]*' /usr/share/dict/words | shuf --random-source=/dev/urandom -n ${words} | paste -sd "$sep"
}

or

#!/bin/sh

memorable_password() {
  words="$1"
  if [ -z "${words}" ]; then
    words=5
  fi

  sep="$2"
  if [ -z "${sep}" ]; then
    sep="-"
  fi

  LC_ALL=C grep -x '[a-z]*' /usr/share/dict/words | shuf --random-source=/dev/urandom -n ${words} | paste -sd "$sep"
}

Both of which can be called as such:

memorable_password 7 _
memorable_password 4
memorable_password

Returning:

skipped_cavity_entertainments_gangway_seaports_spread_communique
evaporated-clashes-bold-presuming
excelling-thoughtless-pardonable-promulgated-forbearing

Bonus

For a nerdy and fun, but not very secure password, that doesn't require dictionary installation, you can use (courtesy of @jpa):

WORDS=5; man git | \
  tr ' ' '\n' | \
  egrep '^[a-z]{4,}$' | \
  sort | uniq | \
  shuf --random-source=/dev/urandom -n ${WORDS} | \
  paste -sd "-"

I don't do this with standard utilities that are not designed with cryptographic use in mind. There is no reason to believe they're using a csPRNG or that they're seeding it properly, and someone who knows your method will be able to reproduce your passphrases. Likewise, behave of multi-purpose utilities if you aren't sure how to use them properly.

pwqgen from passwdqc.


You need a wordlist dictionary, since you mention bitcoin, most likely you want this one:

https://github.com/bitcoin/bips/blob/master/bip-0039/english.txt

If your native language is not English, there are wordlists for other languages available in the same repository.

Given this english.txt file, you can do a random selection with shuf:

$ shuf -n 4 english.txt 
anchor
neck
trumpet
response

Note you'll need way more than just 4 words for a truly secure passphrase. 4 words is for an online service where the number of attempts an attacker might do is very limited. I think the bitcoin recommendation is 16 words, not sure.

Also in this example, each word may only appear once. If you wish to allow repeated words, add the --repeat option:

$ shuf -n 4 -r english.txt

That would allow each word to appear more than once.

If you want the output in one line, you can just add xargs echo:

$ shuf -n 4 english.txt | xargs echo
math easily cube daughter

Or if you prefer command substitution:

$ echo $(shuf -n 4 -r english.txt)
photo milk roast ozone

On a sidenote, I don't find this style of password to be easily memorable.

Well, actually I got very lucky with math easily cube daughter since that just happens to make it easy to think of a story where your daughter can easily do math with cubes or whatever. It's something humans can relate to, as is the horse in XKCD's example.

But what the heck is a anchor neck trumpet response? I'm not a comic book author with creativity to spare to come up with a mnemonic for that. So it will be forgotten in no time.

Even if you can remember the words, it's hard to remember their correct order. Was it math easily cube daughter or daugher easily math cube or something else?

And the password is supposed to be random, you're not allowed to pick and modify it.


As for bitcoin seeds, you're not really supposed to remember them. This is just a way to be able to write it down easily. Anyone can write down 16 words on a piece of paper and read them back correctly; with random letters it's much more likely to make mistakes.


If you have concerns about the randomness of shuf, add the --random-source=/dev/urandom parameter to all shuf commands.

See also https://www.gnu.org/software/coreutils/manual/html_node/Random-sources.html#Random-sources