To do this formally, you need to consider information entropy.
This is all about how you generated your password. 10 characters of totally random mixed case, numbers and punctuation gives about 60 bits of entropy which is strong enough.
HOWEVER, that calculation only works if all 10 characters were generated uniformly and randomly. Humans are terrible at this. Now, maybe your trick for turning words into safe passwords is great, but there is no way to be sure. Sadly, remembering 10 random characters is hard.
Luckily, easy to remember and strong passwords are possible. The system I would recommend is diceware: www.diceware.com
That diceware system is complete Snowden-level paranoia. Close the curtains! Burn after reading! For everyday techie joe a passphrase + a memorized complex password is just enough. If you're on the internet asking for a strong password method and reading diceware.com you may have your priorities set wrong like an untrained spy.
I would love to see a comparison between where physically and which modifiers are used for each character are, and the strength of a password.
Is a password which is very easy/comfortable to type out physically any more/less strong than another of the same length?
I ask this because I often use a visual pattern on the keyboard for a password and I don't recall which characters they may be, but I recall the pattern in need to type out on a qwerty kb
There was a nice comic/picture of this. I tend to follow it. Basically using 3-4 short words as a phrase instead of random characters. You can toss special characters inbetween/before/after. They are also much easier to remember. Password "FoolMeOnce!ShameOnMe" for example.
Well, it was an example, but I agree. For everything that I can I use keepass with better autogenerated random passwords, but for things like home WiFi and others that I may have to type in manually I'll use a phrase like this. A more random phrase is certainly more secure.
log2(10^16) = 53 bits of entropy or 300 years if your attacker can do a million guesses per second (the link says 1000 keys per second, but that's on the CPU).
You could also use `cat /usr/share/dict/words` instead of the `curl`, which is a much larger word list, but you get impractical passwords like "globular cellulose's malnutrition's dangling".
shuf is not a crypto tool, and the GNU coreutils are written to be cross-platform, even where /dev/urandom doesn't exist, or is unreliable. That's my guess, at least.
HOWEVER, that calculation only works if all 10 characters were generated uniformly and randomly. Humans are terrible at this. Now, maybe your trick for turning words into safe passwords is great, but there is no way to be sure. Sadly, remembering 10 random characters is hard.
Luckily, easy to remember and strong passwords are possible. The system I would recommend is diceware: www.diceware.com