Generate random passwords, Diceware and EFF passphrases with RandPass
Never use common words, names, your date of birth, anniversary, etc. as passwords for any of your accounts. A good way to minimize the risk of your login being compromised is by using unique passwords for every account.
It's not enough to ensure that the credentials are different per site; you also need to make sure they are strong (non-guessable) passwords. But that's easier said than done. Some websites may have rules that require you to use a password greater than 6 characters, include special characters, use capital and small letters, or numbers.
Thinking up a strong password is tricky business. You may inadvertently use similar letters or combinations for multiple accounts. The easiest way to prevent this is to use a password manager. Most password managers have a built-in random password generator. But not everyone may want to rely on a password manager, especially privacy-conscious users who don't want to use an online password manager. If you're such a person, but still want to use strong passwords, you may want to give RandPass a try (or a local password manager such as KeePass).
It is a freeware tool that can be used to generate random passwords. You have options to set up the generation process to meet your requirements. RandPass has a user-friendly interface that comprises a menu bar, two tabs and a blank panel on the right-hand side of the window. The Characters tab is what you'll be using to generate the passwords. You can set the length of the passwords, and the program lets you choose between 1-1000 letters/characters. By default, it will generate passwords which are 10 characters long.
You may toggle the options to include lowercase letters, uppercase letters and digits, and to double the probability of digits. Unlike most password generator tools, RandPass allows you to use custom characters. Enable the option and type any special characters that you want in the box next to it.
The custom format option in the program has three formats to choose from: 4-*-4, 2-*-*-2, and 8-4-4-4-12. The numbers represent the number of characters in each group, the hyphen acts as a delimiter, and the asterisk adds more characters. The number of characters added by the asterisk depends on the password length that you have chosen.
If you've chosen a 10 letter password, 4-*-4 will generate 4 characters, a hyphen, 2 more letters, another hyphen and 4 more letters, making for a total of 10 characters not counting the hyphens. For example, 2*&5-6z-*C$3. Similarly, 2-*-*-2 gives you 2-4-4-2 for a total of 10, and so on.
The last option you need to set up in RandPass is the total number of random passwords to be generated at the same time, for example 5. Hit the "Generate Passwords" button when you're ready, and the program will display the randomly generated passwords in the pane on the right. It is a text box, and hence selectable. Copy and paste the passwords to your password manager, user-login page, etc., and use them.
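The format expansion described above can be sketched as follows. This is an added example, not RandPass's own code: the function names and the alphabet are hypothetical, and the way a remainder is shared between several asterisks (an even split) is an assumption.

```python
import secrets
import string

# Constructed alphabet: letters, digits and a few specials. The hyphen is left
# out so the delimiter never collides with a generated character.
ALPHABET = string.ascii_letters + string.digits + "*&$"


def group_lengths(fmt: str, total: int) -> list[int]:
    """Resolve a format such as '4-*-4' into per-group character counts."""
    parts = fmt.split("-")
    stars = parts.count("*")
    if stars == 0:
        # No asterisk: the format alone fixes the length (8-4-4-4-12 is 32).
        return [int(p) for p in parts]
    fixed = sum(int(p) for p in parts if p != "*")
    remainder = total - fixed
    if remainder < stars:
        raise ValueError("password length is too short for this format")
    # Assumption: an even split, with leftover characters going to the
    # leftmost asterisks.
    share, extra = divmod(remainder, stars)
    lengths = []
    for p in parts:
        if p == "*":
            lengths.append(share + (1 if extra > 0 else 0))
            extra = max(extra - 1, 0)
        else:
            lengths.append(int(p))
    return lengths


def formatted_password(fmt: str, total: int, alphabet: str = ALPHABET) -> str:
    """Draw every character from the OS CSPRNG and join groups with hyphens."""
    return "-".join(
        "".join(secrets.choice(alphabet) for _ in range(n))
        for n in group_lengths(fmt, total)
    )


if __name__ == "__main__":
    print(formatted_password("4-*-4", 10))
```

The hyphens sit at fixed positions, so they add nothing to the strength of the password; only the randomly drawn characters count.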
The only caveat in RandPass, and any password generator application, is that the passwords can get too complicated to remember. But there's a workaround for this problem.
Switch to the Words tab in RandPass. The options here allow you to generate passwords that consist of random, meaningless phrases. Set the delimiter to be used (default is hyphen), then select the word list to be used. There are 9 lists to choose from: Chinese Pinyin, Chinese Wubi, Diceware, Diceware Beale, Diceware German, Diceware Russian, EFF, EFF Easy Long and EFF Easy short. Click the browse button next to the Wordlist menu to add your own word lists. RandPass supports .wordlist and .TXT files.
Though passwords made of words may seem easy to guess, in reality they can be pretty tough to crack, which makes them secure. I think the best example would be to quote the XKCD comic. "Correct Horse Battery Staple" is in fact a highly secure password. Refer to the EFF and Diceware documentation on how this is a cryptographically good method.
Back to RandPass, you can change the case of the words used in the passphrase, and toggle the option to add a random digit and symbol to the password. Click the "Generate Passwords" button to create your secure phrases. The program can save the passwords to a plain text file. I wouldn't recommend doing this unless you're storing it on an encrypted drive. Use the Actions menu's "Check uniqueness" option to verify that no word is duplicated in the generated passwords. It also has case conversion options for changing the password to lower, upper or random case.
RandPass is free for home users; there is a Pro version which allows you to use it in commercial environments. The program is available in an optional portable package.
I use KeePass' built-in password generator, and I've no clue what most of my passwords are; they're all random characters. You can use KeePass without creating a database, plus it is open source. It doesn't support Diceware phrases though, at least not without plugins.
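To put numbers on why word-based passphrases hold up, and to show the kind of duplicate-word check mentioned above, here is an added example that is not RandPass's code. The 16-word list is constructed for the demo and the function names are hypothetical; the list sizes used in the comments are those of the published Diceware and EFF long lists (7776 words) and EFF short lists (1296 words).

```python
import math
import secrets

# Constructed 16-word sample so the block runs offline. Real Diceware and EFF
# long lists hold 7776 words (five dice rolls); EFF short lists hold 1296.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "anchor", "butter", "candle",
    "dragon", "ember", "forest", "glacier", "harbor", "island", "jungle",
    "kettle", "lantern",
]


def passphrase(words: list[str], count: int, delimiter: str = "-") -> str:
    """Pick `count` words independently and uniformly with the OS CSPRNG."""
    if len(set(words)) != len(words):
        raise ValueError("word list contains duplicate entries")
    return delimiter.join(secrets.choice(words) for _ in range(count))


def no_repeated_words(phrase: str, delimiter: str = "-") -> bool:
    """True when no word occurs twice in one generated passphrase."""
    parts = phrase.split(delimiter)
    return len(set(parts)) == len(parts)


def passphrase_bits(list_size: int, count: int) -> float:
    """Entropy of `count` independent picks from a list of `list_size` words."""
    return count * math.log2(list_size)


def password_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` independent picks from `alphabet_size` characters."""
    return length * math.log2(alphabet_size)


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest word count whose entropy reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(passphrase(SAMPLE_WORDS, 6))
    ten_chars = password_bits(62, 10)  # letters + digits, 10 characters
    print(f"10 random characters: {ten_chars:.1f} bits")
    print(f"6 words from 7776:    {passphrase_bits(7776, 6):.1f} bits")
    print(f"words to match (7776): {words_needed(7776, ten_chars)}")
    print(f"words to match (1296): {words_needed(1296, ten_chars)}")
```

The strength comes from the size of the list and the number of words, not from the words being obscure, so an attacker who knows which list was used still has to search the whole space.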