Password Generator
Sample Good* Passwords
From User Controlled Patterns
964372 079304 337426 544729 649413 677468 067524 092750
939349 544237 352633 747045 270726 203831 428547 058795
722463 467837 541767 838150 644106 963312 959125 631249
039363 389785 040301 404671 181730 545192 952068 246625
531097 097730 960408 835075 325790 750291 959939 702078
283044 397720 751536 066531 913188 838583 018100 571459
368034 380046 175820 265338 692270 295275 934172 919381
078811 192404 638232 528040 898944 622488 717341 433227
613445 962856 526333 215169 017030 391916 418425 872088
827834 038520 530787 330247 200612 146343 877250 991373
Use Refresh/Reload to create more similar structure passwords.
See the Pattern Samples page for many
examples and explanations.
Change options below to see different length passwords and patterns.
The user has near total control of the nature of the generated passwords.
This password generator can create any type of password: monster fully random
passwords, unsafe very short passwords, moderate length passwords that are highly
structured or loosely structured. Now it even produces passwords made of
multiple short words which are nearly always pronounceable.
The user has complete control over the
types of characters selected, and the probablity that any control chacacter
will cause a character of the selected type to be output. Within the parameters
set by the user, the selection of individual characters is random.
You can even use it to generate random numbers in both base 10 and hex
(but these are awful passwords).
This is a powerful, complex tool for system administrators and advanced users
to create real passwords, or study the near infinte ways uncrackable but memorable
passwords can be created. It is not a toy to watch the shape of character strings
change. If you are generating more than one set of passwords a minute, you are
wasting your time and my money. It is not possible to understand the qualities
of strong passwords 8 characters and longer in 6 seconds or less each. Try to
work through the actual pronunciation of each of ten, 12 character, Words Only
passwords, in less than four or five minutes.
Unless followed by a numeric qualifier, each pattern character will be
used exactly once to form the password, up to the maximum password
length. Once the maximum password length is reached, the password is
complete and any unused part of the pattern is simply ignored. There
is no upper limit on how many characters a 1 qualifier may generate,
except the password length. At least one is assured unless the
maximum password length has already been reached. Any password less
than the minimum length is discarded and a replacement generated.
Try the original password.pl for which free
open source code for both the command line
and as of late May, 2012, the
CGI (web) version is available.
All GeodSoft specific code has been removed and some modest enhancements made.
It's not nearly as versitile as this version but it has a number or configuration
options and is capable of generating a very large number of unique
passwords, nearly all of which are better than most people can do creating
their own passwords. In this version,
Cc0vcc0n2Cc0vcc0
generates the original default pattern.
cvcddcvc generates the
original
State Department
style passwords.
cvcnncvc is
"better" and
CvcnnCvc
is "still better."
CVCdd is "easy" and
CC0VCC0nnCC0VCC0L1
is "hard."
The passwords displayed above are transmitted in plaintext
over the Internet, stored in your browser cache, and you have only my
assurance that they are not logged. To get around this, for each password
you want, generate 1000 at time, and pick only 1. You might generate
several pages with a thousand each and pick only one. Avoid the temptation to
pick one that suggests something special related to you. When done, you
may want to clear your browser cache. You might manually change one or more
characters in any password you select. It's probably a good idea not to use
the evaluator on any password you actually select. If you take these steps,
it's unlikely anyone will ever know which one you selected or where you may
have used it.
Think of the passwords above as examples to be modified at will. Change
anything to to make them easier to type and or remember. When words are
displayed, shuffle, add, remove, or modify them. Please keep in mind
that any password less than 15 characters depends on character diversity
for strength; in addition to lower case letters you need at least one
upper case letter, at least one symbol or punctuation, and at least one
digit. Think of this character mix as the "full keyboard". It takes at
least 17 lower cases letters to beat 12 full keyboard characters and 23
to beat 16 full keyboard characters. If you reduce character diversity
you must make passwords longer if you want them to be equally strong.
It's preferable to avoid putting the upper case letters or digits in
the first or last positions. More of these non lower case letter
characters are stronger but may be harder to remember and or type.
There is no guarantee that passwords displayed on this page are
actually good passwords. Nearly all of the passwords displayed from my
sample patterns will be difficult to crack but many may also be difficult
to type and or remember. The new default pattern
with a minumum of 12 characters and up to four non letters rarely fails the
password evaluator tests (for passwords between
12 and 14 characters). About 20% to 25% contain a short dictionary
word which may be mangled beyond human recognition. Short words with 3 to 6
characters are of little concern in a 12 character password as long as there
is only one. The default pattern with 12 characters and a good character mix
typically has a password evaluator
strength rating of 12. One lacking either mixed case letters or symbols and
punctuation will rate about 10. A 12 character passowrd lacking both, i.e.,
one which is only lower case alphanumeric will have a strength rating about
7. Each increase of 1 in strenth represents about a 10 times increase
in the amount of time it takes to crack similar passwords. This assumes
the passwords are not vulnerable to dictionary attacks.
Among the many sample patterns on this and the
pattern samples page a number
include either consonant vowel consonant sequences, or many variations
on them that may be pronounceable and have a resemblance to words.
Even though the displayed characters are selected with the use of a
random number generator, at times dictionary words will be displayed.
Avoid these unless the word is no more than half the password. If the
word is more than two thirds the length of the password, DO NOT use it.
Some of the lengths of various sample passwords may not have not been
increased to keep up with the speed of computers and advances in cracking
techniques from 2005 - 2012. Seven character passwords
should not be considered acceptable on any but disposable accounts. Eight
characters is now less than marginal for important accounts. Don't use
anything less than 10, and if you want to be safe use 12 characters with
all character types available on a typical 95 character keyboard. 15 or
more can never hurt, and lets you start using short words and other
things that make the passwords easier to remember.
Passwords in which one word that can be found in any online list of words
(dictionary) and are more than 66% of the password length, are bad passwords.
It does not matter how the word in mangled to disguise it. Cracking tools
are designed specifically to find character substitutions amd deletions,
various shifts and rotations, mirroring and duplication and just about
every other modifcation, in multiple combinations to a word, that anyone
has thought of to disquise it. Humans generally cannot see the word in a
mangled word and think it's hidden. Cracking tools and properly designed
evaluators can find these easily. Try some in the
password evaluator (but remember its dictionary
lacks words from popular culture, including product names and words from
sports, movies, songs etc., that often appear in cracker's dictionaries).
Passwords consisting primarily of two short words are not good; they
are not typically bad. They are generally better than one long mangled word.
They tend to be weak and can be cracked with programmed dictionaries.
Top of Page -
Site Map
This page and the information on it my not be published or distributed under the
terms of the GeodSoft Publication License.
Copyright © 2000 - 2014 George Shaffer. All rights reserved.
|