Password Generator

An experimental means of creating 'memorable', recoverable Passwords.

Here are 4 Passwords: notice anything about them ?

K6_0C1I(Y)€m9

€MK(IYC0)_691

k_01y(ci€m9)6

C€69M1IK0)(_Y

They're all upper and lowercase rearrangements of (Mick€y_1960)

There are around 6 Billion Password permutations you can make from (Mick€y_1960)

If you lost your password, 6 Billion is small enough, that you could brute force it.

You might need professional help, but it's doable.

An attacker however, not knowing your character set, must assume you are using any of 26 upper, 26 lower 10 digits and

special characters, meaning he's faced with Trillions of Trillions of possibilities, so as far

as he's concerned, your password, can't be bruteforced.

It might be easier to simply go through the lost password procedure, but there

are circumstances where this might not be possible or practical.

All things being equal, if an attacker DOES NOT get hold of your password details,

then this method represents reasonable security for most people and allows you to generate multiple, recoverable, reasonably secure (depending on Pwd length and complexity) passwords from a single phrase.

For these rough calculations, I'm assuming that for a full character set, the possibilities

are character set length ^ No of Chars in Password.

This method has fewer permutations (Billions instead of Trillions) because we're using a reduced character set, and our permutations are determined by N! (N Factorial)

because here, we're rearranging letters.

Actually, N! X no of letters because we can rearrange once for lower case and again for upper case.

So in a Password containing 15 Characters, 8 of which are letters, the number of permutations is given by 15! X 8 = Approx 10 Trillion possibilities.

Difficult but doable by you, but an attacker who does not know your character set is faced with a password and has 7.2 ^27 possible permutations.

In the case of (Mick€y_1960) then N = 13 and 13! ~ 6.2 Billion.

That being the worst case scenario where an attacker knows your MasterPassword

or it's character set.

Most hacks are done on large numbers of people, they're generally not targeting you as an

individual.

They are targeting people with Passwords like Password123

or Mick€y_1960, which as it stands is NOT a good password because it

is vulnerable to a dictionary attack with common substitutions.

Scrambled up though, it's a pretty good password.

This is a medium security solution to a problem we all have with keeping track of

dozens or sometimes hundreds of truly random passwords.

If you're reasonably imaginative with your master password, use around 15+ characters a good mix of upper, lowercase, digits and 4+ special characters, this system gives reasonably good security.

You could make the passwords more secure by upping the character length to

20+ characters but then, it becomes even harder for you to brute force your own

password, should you have to.

Alternatively, you could just click 'forgot my password' and reset it.

This is an experimental tool, make copies of any passwords used.

CAUTION Saving a Password under a same label will overwrite the old Password.

It's also comparatively easy to delete a stored password.

I need to add in some more confirmations.

You can generate medium length Passwords, say 10 to 15 chars for Medium security situations using longer Pswds for more secure requirements.

A password manager is probably a better solution, however, some people might have a use for a tool like this.

For now, treat as experimental.

Depending on your level of security required, 10 Chars might be low-medium security,

15 characters might be medium security, and 20 chars+ would be

highly secure and probably exclude most hackers from obtaining your password

(including you yourself).

Ver 2 Added Use and Share buttons.

Icon courtesy of http://Iconarchive.com

Background Grille image courtesy of http://Freepik.com