Password Generation for MS Windows
How many passwords do you have? I have close to 100. Passwords for online stores, passwords for banks, passwords for technical support sites, passwords for all my instant messenger accounts, etc. Good passwords are hard to remember, so I used tricks, replacing certain letters with similar looking numbers, separating words with numbers or symbols. Unfortunately, these are not really good passwords and coming up with a hundred combinations I could remember and keep straight was not easy. So I broke the cardinal rule, used the same password for multiple sites/systems. I also wrote them down, storing them in an encypted database designed to store passwords. But I routinely use several systems, my home office system, my workplace system and my laptop. So now I needed a copy of the software and its database on all those systems and the problem was keeping the databases up to date and the niggling worry in the back of my mind that the encryption wasn't as good as it claimed.
My solution is genpass. It's a very simple program that generates a pseudo-random string (the password) based on an input passphrase. The password can be from 6 to 16 characters and contain, just alphabetical characters, alphanumeric characters or alphanumeric and symbol characters. I create the passphase by combining a constant phrase with the URL of the site or system name that I am trying to login too. In addition the password is automagically copied to the clipboard so all I have to do is paste it into the password field of whatever I am trying to log into. After 30 seconds the passphase and password fields are cleared so I can leave genpass running without worrying about people seeing my last passphrase or password.
Some examples:
| Passphase-www.amazon.com | KyWuEeSoqPPnMLGK | 49755537qPPnML7K | +975%%3.qPPnM\'K |
| Passphase-www.aol.com | CqMqOnIkkIHhGVEb | 3150On94kIHhGV5b | #1,0~)+kIHhGV%b |
| Passphase-www.cisco.com | BpOonMKiIigBeuEb | Bp88nMK998gBe45b | Bp//^]K))(gBe4%b |
| Passphase-www.yahoo.com | OmkKKyGEEdCnApOo | 85kK497EEd3n1p88 | ?,kK;9'EEd#~!p?? |
The program itself is just a dialog box (figure 1), type in the passphase, select the password type and length and press the OK button. You can generate as many passwords as you want. When you are done with the program press the cancel key.
The algorithm used to generate the password is not cryptographically secure and I'm sure that with enough examples someone will be able to figure out the constant part of the pass phase. However, since the passwords are never written down the only way to get the passwords is to hack into the individual web sites or systems I am not worried about it.
Finally some of the systems that I access require that I change passwords every 30 days or so. And of course require that the new password be "very" different from all previous passwords. For those I just use something associated with the date. I haven't had a problem so far.
| Passphase | password for 06 | password for 07 |
| Aug06-system1/Aug07-system1 | poOyYgIIEsEedCCa | xwWAQoQQMkMmlKKi |
| Sep06-system1/Sep07-system1 | hgWqPObaOKmLMkzi | poOyIgjifSEdECBq |
| Oct06-system1/Oct07-system1 | XwfapOSqMkmLMkKy | AoniXWKyUCuTUsSA |
If you like it let me know, if not you can let me know that too. If you have any suggestions I'll be happy to listen to them but I make no promises about releasing a new version.
Send comments and suggestions