Sample Good* Passwords
From User Controlled Patterns
QectuwS$8 Xackint`5 Plulkeoj-9 VidyasH'0 scrawsewS-2
ShebyoD|5 MnegyilY=3 Cuingoav(2 nawellY%2 Bhounkeaq"3
Create passwords: Refresh/Reload = similar structure passwords.
See the Pattern Samples page
for many examples and explanations.
Below are a few basic password creation control patterns.
Words Only Passwords from 2 to 6 character words (3+).
NOT pattern based. Language unknown.
Wvv0evv0Esd Variable length psuedo word ending with symbol and digit.
Cc0vv0c0Csd1 Word like,symbol, one or more digits.
CvcnCvcn Rigid consonant, vowel, consonant, non letter, then repeated.
CvcAAAcvC Consonant, vowel, consonant, 3 random characters, repeat first 3.
Ll5Lss0d9 3 to 7 letters, 1 or 2 symbols, 1 or more digits.
aaaaaaaaaa 10 random characters, lower case letters only.
A1 Very big fully random strings.
h1 Many random 8 character hex numbers; NOT passwords.
Change options below to see different length passwords and patterns.
The user has near total control of the nature of the generated passwords.
This password generator can create any type of password: monster fully random
passwords, unsafe very short passwords, moderate length passwords that are highly
structured or loosely structured. Now it even produces passwords made of
multiple short words which are nearly always pronounceable.
The user has complete control over the
types of characters selected, and the probablity that any control chacacter
will cause a character of the selected type to be output. Within the parameters
set by the user, the selection of individual characters is random.
You can even use it to generate random numbers in both base 10 and hex
(but these are awful passwords).
This is a powerful, complex tool for system administrators and advanced users
to create real passwords, or study the near infinte ways uncrackable but memorable
passwords can be created. It is not a toy to watch the shape of character strings
change. If you are generating more than one set of passwords a minute, you are
wasting your time and my money. It is not possible to understand the qualities
of strong passwords 8 characters and longer in 6 seconds or less each. Try to
work through the actual pronunciation of each of ten, 12 character, Words Only
passwords, in less than four or five minutes.
Unless followed by a numeric qualifier, each pattern character will be
used exactly once to form the password, up to the maximum password
length. Once the maximum password length is reached, the password is
complete and any unused part of the pattern is simply ignored. There
is no upper limit on how many characters a 1 qualifier may generate,
except the password length. At least one is assured unless the
maximum password length has already been reached. Any password less
than the minimum length is discarded and a replacement generated.
Run the original password.pl for
which both command line
and as of late May, 2012
CGI (web) source code is available.
All GeodSoft specific code has been removed and some modest enhancements made.
It's not nearly as versitile as this version but is highly
configurable and capable of generating an enormous universe of
passwords, nearly all of which are better than people can do creating
their own passwords. In this version,
generates the original default pattern.
cvcddcvc generates the
is "still better."
CVCdd is "easy" and
There is no guarantee that
passwords displayed on this page are actually good passwords; also
they are transmitted in plaintext over the Internet, stored in your browser cache,
and you have only my assurance that they are not logged.
Depending on the controlling pattern, many, often most, are actually
approximately 20% of the passwords generated by the default
settings fail the password
Among the many sample patterns on this and the
pattern samples page a number
include either consonant vowel consonant sequences, or many variations
on them that may be pronounceable and have a resemblance to words.
Even though the displayed characters are selected with the use of a
random number generator,
at times dictionary words will be displayed.
The lengths of various sample passwords have not been increased to keep up
with the speed of computers and advanments in cracking techniques from 2005 - 2012.
Seven character passwords should not be considered acceptable on any but
disposable accounts. Eight characters is now less than marginal for important
accounts. Don't use anything less than 10, and if you want to be safe use 12
characters with all character types available on a typical 95 character
If a word is most of a password, the password is not good.
Passwords consisting primarily of two short words are not good; they
are not typically bad. They just tend to be weak and may be crackable. Passwords
consisting primarily of a dictionary word that has been mechanically
transformed are not good. Transformations may included reversal, rotation
and keyboard or ASCII shifts, substitution of similar looking numbers, and other
permutations. These may be difficult to spot; normal humans cannot
spot a reversed keyboard shifted word, but a password evaluation or cracking
program can find it almost instantaneously. To check the
quality and strength of generated passwords (or any password) use the
Top of Page -
This page and the information on it my not be published or distributed under the
terms of the GeodSoft Publication License.
Copyright © 2000 - 2014 George Shaffer. All rights reserved.