Password Generator
Sample Good^* Passwords
From User Controlled Patterns

tef;<bsix  zir3jay  bow]zay  Yann\"Xol  qij=Fefl  Bab26Pam  
copq\4ribf  dus.han  Cong5_nyiz  Ttil3fok  

The user has near total control of the nature of the generated passwords. This password generator can create any type of password: monster fully random passwords, unsafe very short passwords, moderate length passwords that are highly structured or loosely structured. Now it even produces passwords made of multiple short words which are nearly always pronounceable. The user has complete control over the types of characters selected, and the probablity that any control chacacter will cause a character of the selected type to be output. Within the parameters set by the user, the selection of individual characters is random. You can even use it to generate random numbers in both base 10 and hex (but these are awful passwords).

This is a powerful, complex tool for system administrators and advanced users to create real passwords, or study the near infinte ways uncrackable but memorable passwords can be created. It is not a toy to watch the shape of character strings change. If you are generating more than one set of passwords a minute, you are wasting your time and my money. It is not possible to understand the qualities of strong passwords 8 characters and longer in 6 seconds or less each. Try to work through the actual pronunciation of each of ten, 12 character, Words Only passwords, in less than four or five minutes.

Unless followed by a numeric qualifier, each pattern character will be used exactly once to form the password, up to the maximum password length. Once the maximum password length is reached, the password is complete and any unused part of the pattern is simply ignored. There is no upper limit on how many characters a 1 qualifier may generate, except the password length. At least one is assured unless the maximum password length has already been reached. Any password less than the minimum length is discarded and a replacement generated.

Run the original password.pl for which both command line and as of late May, 2012 CGI (web) source code is available. All GeodSoft specific code has been removed and some modest enhancements made. It's not nearly as versitile as this version but is highly configurable and capable of generating an enormous universe of passwords, nearly all of which are better than people can do creating their own passwords. In this version, Cc0vcc0n2Cc0vcc0 generates the original default pattern. cvcddcvc generates the original State Department style passwords. cvcnncvc is "better" and CvcnnCvc is "still better." CVCdd is "easy" and CC0VCC0nnCC0VCC0L1 is "hard."

There is no guarantee that passwords displayed on this page are actually good passwords; also they are transmitted in plaintext over the Internet, stored in your browser cache, and you have only my assurance that they are not logged. Depending on the controlling pattern, many, often most, are actually good; approximately 20% of the passwords generated by the default settings fail the password evaluator tests. Among the many sample patterns on this and the pattern samples page a number include either consonant vowel consonant sequences, or many variations on them that may be pronounceable and have a resemblance to words. Even though the displayed characters are selected with the use of a random number generator, at times dictionary words will be displayed. Avoid these. The lengths of various sample passwords have not been increased to keep up with the speed of computers and advanments in cracking techniques from 2005 - 2012. Seven character passwords should not be considered acceptable on any but disposable accounts. Eight characters is now less than marginal for important accounts. Don't use anything less than 10, and if you want to be safe use 12 characters with all character types available on a typical 95 character keyboard.

If a word is most of a password, the password is not good. Passwords consisting primarily of two short words are not good; they are not typically bad. They just tend to be weak and may be crackable. Passwords consisting primarily of a dictionary word that has been mechanically transformed are not good. Transformations may included reversal, rotation and keyboard or ASCII shifts, substitution of similar looking numbers, and other permutations. These may be difficult to spot; normal humans cannot spot a reversed keyboard shifted word, but a password evaluation or cracking program can find it almost instantaneously. To check the quality and strength of generated passwords (or any password) use the password evaluator.

Top of Page - Site Map

This page and the information on it my not be published or distributed under the terms of the GeodSoft Publication License. Copyright © 2000 - 2012 George Shaffer. All rights reserved.