Safe password generation

Share interesting information or links related to portable apps here.
Post Reply
Message
Author
User avatar
Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Safe password generation

#1 Post by Midas »

Revisiting this, after recent news (see https://gu.com/p/ba287) report people are still massively using the likes of "password", "qwerty", and "123456"... :shock:

The same article quotes the British security agency GCHQ (https://www.gchq.gov.uk/) on the required complexity level needed for adequate protection:
The advice from the centre is simple -- using three random words as a password should keep your information safe.

Following up on that, there are legions of sites online where you can generate random words but I think https://randomword.com/ is a rather good one because it provides some uncommon ones, along with definitions for easier memorization. Here's an example from my last access:
heterodymus
conjoined twins with two heads and torsos but one pair of legs

Memorization is optional, you could just opt for a password manager -- we have a few listed here at the forum:

Other related topics, mainly about password generators:


hamasaki
Posts: 197
Joined: Tue Apr 23, 2013 11:16 pm

Re: Safe password generation

#2 Post by hamasaki »

A friend of mine had the password 12345. When I asked her why, she said:

"It`s so simple, no-one would ever think of it"

That is the mentality of some people who use computers. They really are clueless about security. That said, websites don`t do enough to force secure passwords. Of course if people had to pick passwords they can`t remember, it might cause too many headaches. lol.

appsuser
Posts: 136
Joined: Fri Feb 08, 2008 11:51 pm

Re: Safe password generation

#3 Post by appsuser »

This is actually an android app but it's a pretty good concept:

Privacy Friendly Password Generator
https://secuso.aifb.kit.edu/english/Pas ... erator.php

Basically, you remember one password. All other passwords are generated from a unique field (customer name, website address, etc.) The same password will always be generated for the same fields, so there's no reason to memorize complex passwords. If for any reason a password is compromised or needs to be changed, you can just bump up the version number. I'm sure someone could easily port the concept to a portable program.

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Safe password generation

#4 Post by webfork »

The advice from the centre is simple -- using three random words as a password should keep your information safe.
Interesting. Reminds me a bit of this post: viewtopic.php?p=64730#p64730
All other passwords are generated from a unique field
There's a windows version of that program that's both here on the site and portable, but I can't seem to find it ... I'll post back here if I can track it down. EDIT: The program is Infinite Password Generator viewtopic.php?p=82998

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Safe password generation

#5 Post by webfork »

In our case, given a login, a master password, a site and options it will return a unique password.
Good suggestion. Also, what's with the redirect URLs? The "4 fatal flaws" link was broken for me: https://tonyarcieri.com/4-fatal-flaws-i ... d-managers

User avatar
Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Safe password generation

#6 Post by Midas »

webfork wrote: There's a windows version of that program that's both here on the site and portable, but I can't seem to find it...
I deliberately left that one out. For obvious reasons... :evil:

@Ding-A-Ling: great post and suggestion. Thanks. 8)

User avatar
Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Safe password generation

#7 Post by Midas »

Quick note to add that while I don't much care for the program itself -- it's really little more than a VB form, isn't really stealth and it messed up my system's clipboard operation -- Tomvale Friendly Passwords homepage (http://friendlypasswords.com/) has a pretty good write up of the benefits of deterministic password generation; in any case, here's my summary of its main points:
  • Dynamic (re-)generation
  • Memorability not required
  • Password strength enforced
  • Easy changeability
  • Easy accessibility
  • Reverse engineering protection
  • Security through obscurity
  • Plausible deniability
Image

User avatar
Midas
Posts: 6705
Joined: Mon Dec 07, 2009 7:09 am
Location: Sol3

Re: Safe password generation

#8 Post by Midas »

Second note to add that LessPass mentioned above is Python3-based with no ready standalone binaries available for Windows.

Those on Android can easily get LessPass's CLI version via any advanced terminal app -- personally, I favor Termux.

OTOH, Privacy Friendly Password Generator requires no online access, no special permissions and is readily available for Android on F-Droid, as well as Google Play.

Post Reply