Generate a password like xkcd...
- Constraining it to smaller words might allow for easier passwords, but you'd make it easier to guess. If someone knew the pattern they could easily check for 4 random words with 5 letter long words. That would be unsafe. Aug 12, 2011
- Oh, I write my passwords down. Otherwise I'd forget them no matter how easy to remember they are. I don't put them out in the open on sticky notes however. Aug 12, 2011
- So when does show us how to do this with a PG procedure? :) Aug 12, 2011
- A good solution would be using a band name generator, like this one: http://www.bandnamemaker.com/ Aug 12, 2011
- nawk et al. also have srand(), and it accepts an optional parameter, so you can, in theory, use any source of entropy to seed an AWK implementation. It's "hard" to read /dev/random (you never want to use /dev/urandom for real randomness) and turn the result into a number in AWK though, at least so far as I know. On NetBSD (for one) you can do this "head -c 4 /dev/random | od -D", but that's not very portable.
I think all *BSD implementations offer random(6) which can also be used. It seeds random(3) by passing the sum of the current time in seconds and microseconds, as well as the current process ID to srandom(3). That's enough to make guessing attempts detectable on any reasonable system even if the attacker knows the very hour you generated your password in (as well as all other inputs of course).
Any internet-connected password-protected systems must detect and automatically mitigate password guessing attempts as well as technically possible, obviously. :-)
Personally I also believe any password-protected system must also prevent the user from choosing an easily guessable password (if for no other reason than to make stealth guessing attacks more difficult). Aug 12, 2011
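
A portable form of the "read 4 bytes from /dev/random and turn them into a number" step described in the comment above, added here as an example and not part of the thread. It uses the POSIX `od -An -N4 -tu4` spelling and picks each word directly from the device's output instead of seeding AWK; the function names and the 16-word list are constructed for illustration, and 64-bit shell arithmetic is assumed.

```shell
#!/bin/sh
# Added example; rand_u32, rand_below, passphrase and WORDS are hypothetical names.
RNG_DEV="${RNG_DEV:-/dev/random}"   # device named in the comment above

# Read 4 bytes from the device and print them as one unsigned decimal integer.
rand_u32() {
    od -An -N4 -tu4 "$RNG_DEV" | tr -d ' \n'
}

# Print a uniform integer in [0, n). Draws at or above the largest multiple of
# n that fits in 2^32 are discarded, so no index is favoured (no modulo bias).
rand_below() {
    n=$1
    limit=$(( 4294967296 - 4294967296 % $n ))
    while :; do
        r=$(rand_u32)
        [ -n "$r" ] || return 1          # device could not be read
        if [ "$r" -lt "$limit" ]; then
            echo $(( $r % $n ))
            return 0
        fi
    done
}

# Constructed sample list: 16 words is only 4 bits per word. A real list
# needs thousands of words to give a useful amount of entropy per word.
WORDS="correct horse battery staple anchor velvet orbit maple
cactus lantern pepper quartz ribbon saddle tunnel walnut"

# Print $1 words (default 4), each chosen independently from WORDS.
passphrase() {
    count=${1:-4}
    set -- $WORDS                        # positional parameters = word list
    total=$#
    out=""
    i=0
    while [ "$i" -lt "$count" ]; do
        pick=$(rand_below "$total") || return 1
        eval "w=\${$(( $pick + 1 ))}"
        out="${out:+$out }$w"
        i=$(( $i + 1 ))
    done
    echo "$out"
}

passphrase 4
```

Because every word costs a fresh 4-byte read, the passphrase is not limited to the 32 bits that a single srand() seed would carry.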
- Sadly, I keep running into web sites that impose maximum password sizes. Charles Schwab limits you to 8 characters! Aug 12, 2011