The command-line tool pwgen is a well-known tool for generating a list of passwords.
I use it almost daily: when creating new accounts on remote servers, or when I want to encrypt sensitive data with a temporary password to send to a customer.
Sometimes opening my terminal and typing pwgen 30 1 is faster than getting to the generator in my password manager.[1]
I had noticed before that the passwords generated by pwgen seemed to contain patterns: repeating vowels is something that stands out.
I hadn't thought about it much, until I saw a colleague type pwgen -s at his terminal.
What is this -s?
As with most unix-y tools, a quick glance at the man page tells us everything we want to know.
The -s is shorthand for --secure:
"Generate completely random, hard-to-memorize passwords. These should only be used for machine passwords, since otherwise it's almost guaranteed that users will simply write the password on a piece of paper taped to the monitor..."
As it turns out, pwgen actually doesn't generate secure passwords by default.
The passwords it generates are designed to be easily memorized.
That explains the patterns I noticed before![2]
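The vowel pattern described above can be checked statistically. The following is an added example, not code from pwgen or from the original post: it draws passwords uniformly from a CSPRNG and computes a z-score for the vowel count against what uniform draws would produce. The 62-symbol alphabet, the threshold of 4, and both sample lists are assumptions constructed for illustration; the samples are not real pwgen output.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # assumed charset: 62 symbols
VOWELS = set("aeiouAEIOU")

# Constructed samples (hand-written, not tool output): vowel-heavy strings in
# the style the post describes, and strings shaped like uniform draws.
PRONOUNCEABLE_STYLE = ["aiShoo4eequae7ohthei2Eiphoo9ie",
                       "Ohng8aechai3xooKie5uyeeMah7tho"]
RANDOM_STYLE = ["k7Qx2mZrA9TbW4pLd8HfNe3vYc6GsJ",
                "Xp3Lw9uRz5Tn1BqVo8cJm4KdYi7hGe"]

def secure_password(length=30):
    """Draw every character independently and uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def uniform_entropy_bits(length):
    """Entropy in bits when each character is uniform over ALPHABET."""
    return length * math.log2(len(ALPHABET))

def vowel_fraction(passwords):
    chars = "".join(passwords)
    return sum(c in VOWELS for c in chars) / len(chars)

def vowel_excess_z(passwords):
    """z-score of the observed vowel count against the uniform expectation."""
    n = sum(len(p) for p in passwords)
    p0 = len(VOWELS) / len(ALPHABET)  # 10/62 if characters are uniform
    observed = sum(c in VOWELS for p in passwords for c in p)
    return (observed - n * p0) / math.sqrt(n * p0 * (1 - p0))

def looks_patterned(passwords, z_threshold=4.0):
    """Flag a batch whose vowel count is far above the uniform expectation."""
    return vowel_excess_z(passwords) > z_threshold

if __name__ == "__main__":
    print("fresh uniform password:", secure_password())
    print("entropy at length 30: %.1f bits" % uniform_entropy_bits(30))
    for name, batch in (("pronounceable-style", PRONOUNCEABLE_STYLE),
                        ("random-style", RANDOM_STYLE)):
        print("%-20s vowels=%.2f z=%+.2f patterned=%s" % (
            name, vowel_fraction(batch), vowel_excess_z(batch),
            looks_patterned(batch)))
```

To test a real generator, replace the sample lists with a few hundred lines of its output; a larger batch makes the z-score far more decisive than the two-line samples here.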