Password Generator

About Passwords

[hide] Passwords, don't you just love them? No? We're told that we need to have 'strong' passwords, and we must have a different one for every occasion. Oh, and never write them down! How on earth are we meant to remember all those nasty numbers, letters (upper and lower case) and those pesky 'special' characters?

OK, well here's a password generator which will give you strong passwords, but try remembering them! One thing this generator does is to show you the number of permutations the selected character set or sets give you for your chosen password length. This number is a direct measure of the strength of the password - the bigger the better. The results are very revealing.

Let's set the password length to 8 characters, and we'll use upper and lower case characters, numbers and special characters (the standard 'strong' password requirement). If we do NOT have to use at least one of each type, the number of permutations is 1.370114370683136x1015. Now, if we require at least one of each type of character, the number of permutations GOES DOWN to 5.0859343988172814. So, requiring one of each type of character REDUCES the strength of the password!

Now the second point. Again, let's look at upper and lower case characters, numbers and special characters, and explore what happens to the number of permutations (rounded to 2 decimal places) when we vary the length of the password. Starting with 8 characters and going up by 8 each time, here are the results:

Number of Characters Number of permutations
8 1.37x1015
16 1.88x1030
24 2.57x1045
32 3.52x1060

Now let's try keeping the password length fixed at 16 characters and varying the included character sets. Note that we are using 16 characters in our special character set. Using a password length of 16 characters, and rounding the number of permutations to two places of decimals:

Character sets Number of permutations
123
(10 chars)
1.00x1016
*!#
(16 chars)
1.84x1019
ABC or abc or (123 and *!#)
(26 chars)
4.36x1022
(ABC or abc) and 123
(36 chars)
7.96x1024
(ABC or abc) and *!#
(42 chars)
9.38x1025
(ABC and abc) or [(ABC or abc) and 123 and *!#]
(52 chars)
2.86x1027
ABC and abc and 123
(62 chars)
4.77x1027
ABC and abc and *!#
(68 chars)
2.09x1029
ABC and abc and 123 and *!#
(78 chars)
1.88x1030

So, comparing these two tables, the length of the password is clearly more important in determining its strength than the included character sets. All this messing about with special characters does very little to enhance security. What DOES make a big difference is to increase the length of the password. "But," I hear you ask, "it's difficult enough to remember an 8-character password. How do we remember a 32-character one?"

The simple answer is unusual but memorable phrases. For example: "Five baboons have arrived and it is only Thursday". This phrase has 49 upper and lower case characters, giving 1.21x1084 permutations - that's strong! Here are a few more examples along with the numbers of permutations for their length and character sets:

Phrase Permutations
Granny ate 27 bananas 4.37x1037
Teach a person to fish 5.65x1037
Green Hills Satanic Mills 7.94x1042
My first house was number 124 9.34x1051
Email - this is my special padlock 2.02x1062

Note: for the astute matathematicians amongst you, you will have noticed that the number of permutations quoted for the phrases are slightly lower than the correct figure because the space character is not included as a separate character in the calculations. However, this means that the passwords are, in fact, stronger than the quoted values.

So, my contention is that it's better to have a long simple password than a short complex one, and the long simple ones can be highly memorable. So, you can either make them up yourself, or use a generator to append random words, either with or without special characters as delimiters, and with optional character substitution:

O,o0
I,i1
E,e3
A,a4
S,s5

For example: P3r50nM41nt41n54nyth1ng, or with delimiters: P3r50n*M41nt41n5!4nyth1ng. This combination of characters has 2.01x1047 permutations, so is very strong as a password and all you've got to remember is PersonMaintainsAnything.

Here is a password generator that will give you strong complex passwords of any length between 8 and 100 characters. There's also a random word generator for more memorable passwords, either with or without delimiters. You can create passwords of up to five concatenated words. Note we have used British English spelling, so for those of you that spell "customiSe" "customiZe" or "colour" "color" etc. simply make the appropriate substitutions. We have a database of over 20,000 words which are selected at random. A very small number of the combinations may be offensive to some people. If so, just rapidly regenerate the passwords.

You can optionally generate a one-way hash of the password using the PHP PASSWORD_DEFAULT constant. Have fun.

 

Complex Passwords

Password Length 
No of Passwords 
Include:
Upper case At least one of each required:
Lower case
Numerals
Special characters
Hexadecimal
Generate hash

No of Permutations:

 
Copyright GT-Ltd 1995 - 2021. All Rights Reserved Worldwide