Passwords

Generate a secure password

Linux

# generate password containing ASCII characters without spaces (96 possible characters)
strings -n 1 < /dev/urandom | tr -d '[:space:]' | head -c15
 
# generate base64 password (64 possible characters)
openssl rand -base64 15

(source)

Password strength

see also: https://github.com/dropbox/zxcvbn

Methods to crack passwords

brute force

dictionary attack

rainbow tables

side-channel attack

Password storage

Password managers

see also: KeePassXC

Alternatives to password managers and why they're not a good idea

key derivation systems

A key derivation system is a method where you use a function to generate a password for a service based on the name or URL of said service and a master password.

Your key can still be compromised, just as with a password manager, except that here the secrets it protects are not even encrypted. Anyone who has one password for one service and knows the method of key generation can even derive the passwords for other services. The only difference is that they don't know your usernames for these services or exactly which services you use, but it's not that hard to find out the email addresses you usually use or to simply try out services.

In addition, any website can have its password lost. To replace just that one password you have to increment some salt, and then it gets confusing: where do you store the salt? Do you store it at all? What number do you have to use for that obscure service you only use once every few months? Do you even have an account with that site?
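The scheme described above, as an added example (not code from any real tool; the PBKDF2 construction, iteration count, site names and guess list are assumptions made for illustration). It shows that one leaked site password works as an offline check for master password guesses, and that rotating a single password depends on a counter that has to be kept somewhere.

```python
import base64
import hashlib
import hmac

ITERATIONS = 10_000  # assumption: kept low so the example runs quickly


def derive(master: str, site: str, counter: int = 0) -> str:
    """Recompute the site password from master password, site name and counter."""
    salt = f"{site}:{counter}".encode()
    raw = hashlib.pbkdf2_hmac("sha256", master.encode(), salt, ITERATIONS, dklen=15)
    return base64.b64encode(raw).decode()  # 15 bytes -> 20 base64 characters


def check_guesses(leaked: str, site: str, guesses, max_counter: int = 3):
    """Use one leaked site password as an offline verifier for master guesses.

    Returns (master, counter) for the first guess that reproduces the leaked
    password, or None. No rate limit applies because nothing is contacted.
    """
    for guess in guesses:
        for counter in range(max_counter + 1):
            if hmac.compare_digest(derive(guess, site, counter), leaked):
                return guess, counter
    return None


if __name__ == "__main__":
    master = "correct horse battery"            # constructed sample value
    forum_pw = derive(master, "forum.example")  # the password the forum receives and may leak

    # Whoever holds forum_pw and knows the method can test guesses offline ...
    hit = check_guesses(forum_pw, "forum.example",
                        ["123456", "letmein", "correct horse battery"])
    print("recovered:", hit)
    # ... and a hit yields every other site password, with no vault to decrypt.
    print("bank.example:", derive(hit[0], "bank.example"))

    # Rotating only the forum password means bumping its counter. The counter
    # is state the user must keep somewhere; with the wrong one the result differs.
    rotated = derive(master, "forum.example", counter=1)
    print("rotated differs:", rotated != forum_pw)
```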

A password manager has many benefits, and if you use a keyfile, a strong password and secure (as in: reasonably tamper-proof) systems, a regular password manager is just as secure as, or even more secure than, key-derivation-type password managers.