Create secure passphrases, include custom characters with PasswordGenerator
When signing up for an account on any website, I always use KeePass' built-in password generator. This ensures that every password I use is strong but also unique, which in turn minimizes the risks of my accounts being compromised.
Tip: check out Martin's guide on changing default password generation parameters in KeePass.
But, what if you're not a fan of password managers? You can use programs which specialize in generating random passwords, the aptly named PasswordGenerator (by Stefan Trost) is a nice choice.
The program is portable and comes with a single file, the EXE. It's just over 4MB in size. The application displays a splash screen for a few seconds when you run it.
PasswordGenerator has a very simple interface, which is a huge plus for non-tech savvy users. Instead of complex terms, algorithms, patterns, there are a few straightforward options that you can customize for creating the passphrase.
The first option allows you to choose the length of passwords, which by default is set to 10 characters. Click on the drop-down menu to set a smaller length (from 6 characters) or a longer one (up to 35 characters).
Note: The official document says that PasswordGenerator can create passwords of any length. Out of curiosity I tried entering 9999 in the password length box, and surprisingly it did work. Nobody is going to use long passwords of such absurd length, but it is good to see that the program can generate incredibly long randomized passwords.
Next, we need to select which characters should be used in the creation process. There are four options that you can toggle to include Uppercase, lowercase letters, and numbers in the passwords. The fourth setting enables the following special characters: !?.:,_(){}[]/\%@#$~-+
Some websites don't accept special characters, while others may have mandatory rules like "password must include digits, capital and small letters, and a symbol". So, you can customize the passphrase settings according to your needs.
Unlike usual applications of this kind, PasswordGenerator uses a slightly different method to create secure phrases. When you toggle one of the four character options, the current phrase is instantly replaced and a new one based on the new rule set is generated.
When you're done setting the rules for generating the password, click on the Create button, and your secure password will be displayed in the text field. Click on the Clipboard button to save the passphrase to your clipboard, and you can paste it anywhere you want.
What if you forgot to save a recently generated password? Click on the File menu and select History, a small pop-up window appears that lists every password that was generated. There is a catch though, since the program is completely portable, it only displays the passwords created during the current session, so if you exit the application and come back to it, the list will be empty.
The History window has a Save button that can be used to save the passwords to a plaintext .TXT document, I don't really recommend using this option, but if you do, make sure the file is hidden away and/or encrypted.
Head to the Settings menu to customize PasswordGenerator's options. The General tab allows you to customize the characters used for creating passwords. You can add additional special characters like ^&'"<>`* to make the passphrases even stronger.
Though the program is portable, you may toggle an option that makes the application save its settings in a profile. The program can be set to automatically start with windows.
PasswordGenerator is developed by Stefan Trost, the author of FileListCreator. The program is good, but the lack of support for advanced password generation rules like the Diceware list, is a bit of a letdown.
What library or command line app, if any, is this based on? pwgen perhaps?
the vociferous opinions in these comments may not be very helpful.
An alternative password generator is “Sordum Random Password Generator”
https://www.sordum.org/10946/sordum-random-password-generator/
On passwords this always has to be said:
https://xkcd.com/936/
Who would make the world’s first “human-readable” pwd-generator?
Another useless piece of software.
When will people realize password strength is purely mathmatical?
The longer it is, the stronger it is (period)
Making it hard or impossible to remember them is plain dumb.
Making them long and easy to remember is “best security pratices”.
“Making it hard or impossible to remember them is plain dumb. Making them long and easy to remember is ‘best security pratices’.”
That’s dumb. You can’t make passwords long and easy to remember at the same time. You can do that at most for one password, or a very limited number. Ergo, the master password of your password manager.
P.S.: please don’t tell us you’re a genius, and able to remember hundreds of “easy to remember”, 10-words passphrases. If that’s the case, good to you. Lesser human beings such as us need other solutions.
I disagree. If you’re a person who doesn’t want to put all of one’s eggs in one basket (like a password manager) but also don’t feel comfortable generating strong passwords, this seems like a good idea. You’d want a notebook to track your passwords, but that’s reasonably secure.
” If you’re a person who doesn’t want to put all of one’s eggs in one basket.”
If you’re such a person, you’re misguided. This is the silliest reason given for not using a password manager.
The proof is in the solution you provide yourself : writing down those passwords in a notebook. Well, that’s putting all your eggs in one basket.
And contrary to the password manager basket, this one cannot be duplicated, as the database of a password manager should be : that, is backed up in multiple places, each time a single bit is changed, automatically.
If you use a password manager, and you use it properly, you’re precisely not putting all your eggs in the same basket.
Anything else is putting all your eggs in the same basket : committing to memory, writing down in a notebook, relying on your browser’s password manager or relying on the “Don’t ask me again on this device” feature.
I don’t get it. Is that a password generator which does not store passwords ? If so, it is ridiculous. It’s of no use at all. All password managers have a password generator embedded, so what’s the point of creating passwords if you can’t save them, preferrably in an encrypted and secure manner ?
A password manager does three things, all of which are required :
– Generate secure passwords.
– Apply them in a safe way.
– Store them in a safe way.
If there were no password managers available, this program might be handy. But given there are all sorts of good and free passwords managers around, it’s not a good idea either to offer such a program, or to promote it.
Wow, such passion.
There are probavly going to be times when a person might need to generate a password and not immediately need to enter it into their own storage. Or may use an online password keeper and find it easier to generate separately. Etc etc.
No, there are no such times, and moreover, there should not be. Security needs to be learned, and inducing people to think that they apply good security rules when they generate passwords without storing them is spreading falsehoods. And therefore, a false sense of security.
If, exceptionally, you need to generate a password and not store it, use Kee Pass. Or any other password manager.
If you use an online password manager, you never find it easier to generate it separately. Unless you have a bad password manager. In that case, switch to a better one.
This program does not even have a dedicated feature to generate passphrases, contrary to what the title suggests. This being one of the rare instances where you might want to create a password and not store it (that is, commit it only to memory).
Kee Pass with a dedicated plug-in for passphrase creation does that. Or, use a specialized website, such as Make Me a Password.