Solution 1:

There are many ways to generate a UUID, some of which are likely highly guessable. For instance, the current time is often a component and sitting right there, as is the machine's MAC address, etc. Don't confuse unique with unguessable.

I would not try to re-purpose UUIDs for passwords, but instead choose a strong password generator. If you're thinking about using a UUID for a password, clearly being able to remember it is not important, so I'd choose something like the output of MD5 with a few bytes from /dev/random or /dev/urandom:

dd if=/dev/random bs=128 count=1 | md5

Or, better yet, use a tool designed specifically for generating strong passwords. Ideally ones that users can remember without writing them down.
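The point in Solution 1 about the time and MAC address being components, shown on a version 1 UUID. This is an added example, not part of the original answer. The sample UUID, its MAC address and the function names are constructed for illustration, and the password generator uses Python's `secrets` module rather than the `dd | md5` pipeline above.

```python
import secrets
import uuid
from datetime import datetime, timedelta, timezone

# 100-ns intervals between the UUID epoch (1582-10-15) and the Unix epoch.
UUID_EPOCH_OFFSET = 0x01B21DD213814000
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def make_v1(created, node, clock_seq):
    """Build a constructed version 1 UUID from known fields (sample input only)."""
    ts = int(created.timestamp()) * 10**7 + UUID_EPOCH_OFFSET
    return uuid.UUID(fields=(
        ts & 0xFFFFFFFF,                     # time_low
        (ts >> 32) & 0xFFFF,                 # time_mid
        ((ts >> 48) & 0x0FFF) | 0x1000,      # time_hi + version 1
        ((clock_seq >> 8) & 0x3F) | 0x80,    # clock_seq_hi + RFC 4122 variant
        clock_seq & 0xFF,                    # clock_seq_low
        node,                                # 48-bit node, normally the MAC
    ))


def predictable_fields(value):
    """Return what a UUID string discloses to anyone who sees it."""
    u = uuid.UUID(value)
    info = {"version": u.version, "random_bits": 0}
    if u.version == 1:
        # Version 1 is timestamp + clock sequence + node: unique, not secret.
        micros = (u.time - UUID_EPOCH_OFFSET) // 10
        info["created"] = UNIX_EPOCH + timedelta(microseconds=micros)
        info["node"] = ":".join(f"{(u.node >> s) & 0xFF:02x}"
                                for s in range(40, -8, -8))
        info["clock_seq"] = u.clock_seq
    elif u.version == 4:
        # Version 4 has 122 random bits, but the RFC does not require a CSPRNG.
        info["random_bits"] = 122
    return info


def random_password(nbytes=16):
    """128 bits from the OS CSPRNG, URL-safe base64 encoded."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    sample = make_v1(datetime(2024, 1, 1, tzinfo=timezone.utc),
                     0x02005E005301, 0x1234)  # constructed MAC and clock_seq
    print(sample, predictable_fields(str(sample)))
    print("password:", random_password())
```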

Solution 2:

The higher the level of complexity in the password, the higher the chance that the user will write it down on a Post-it note and stick it to their monitor; that is in addition to the support costs when the user forgets the password.

When using SSH keys, some form of password is recommended (but not required) to secure the key. Passphrases are easier to remember than passwords, so something like:

  • Firefox&is&JUST&a&browser
  • NotTheFirstHackI'dTry
  • The Quick Brown Fox

will both reduce the incidence of calls to reset forgotten passwords and improve security, because your users are going to be able to remember them without writing them down.