human readable password generator

Started by Lazybones, November 30, 2005, 11:59:37 AM


Lazybones

Quote from: Tom on September 18, 2006, 09:18:35 PM
I personally would have a tough time remembering the passwords that script generates.. even with the numbers symbols and capitalization off.

The easiest to read is to just turn off the capitalization.. this will force the format of word num/sym word and it is easier to pick out symbols and numbers from the characters. If you turn both numbers and symbols off there is no separation between the pseudo words so they are very hard to read and all the padding will be random characters.

I plan on improving the word generation as it picks some combinations that just don't appear in normal words, it is a work in progress.

Some examples:
No Num, No case, 9 min
fewn*phawz
yuh#tawg&
neey#showc
quoat!quaic
zim%quaub

You can sort of imagine a pronunciation for those and that should make them easier to remember than random character pairs. Well at least that is the idea anyway.
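The "word sym word" format described in the post above, sketched as an added example; this is not Lazybones' script. The syllable tables, symbol set and function names are assumptions made for illustration, and `entropy_bits` estimates how much randomness the format actually carries.

```python
import math
import secrets

# Constructed syllable tables (assumptions, not the original script's data).
ONSETS = ["b", "d", "f", "g", "h", "j", "k", "l", "m", "n", "p", "r", "s",
          "t", "v", "w", "y", "z", "ch", "ph", "qu", "sh", "th"]
VOWELS = ["a", "e", "i", "o", "u", "aw", "ee", "oa", "ai", "au"]
CODAS = ["b", "c", "d", "g", "h", "m", "n", "p", "t", "w", "z"]
SYMBOLS = "!#%&*"
DIGITS = "23456789"  # 0 and 1 left out: easily confused with O and l


def pseudo_word():
    """One pronounceable onset+vowel+coda syllable, chosen with a CSPRNG."""
    return (secrets.choice(ONSETS) + secrets.choice(VOWELS)
            + secrets.choice(CODAS))


def generate(min_len=9, use_digits=False):
    """Return 'word sep word', padded with separators up to min_len."""
    seps = SYMBOLS + (DIGITS if use_digits else "")
    pw = pseudo_word() + secrets.choice(seps) + pseudo_word()
    while len(pw) < min_len:
        pw += secrets.choice(seps)
    return pw


def entropy_bits(use_digits=False):
    """Lower bound on entropy in bits: two syllables plus one separator."""
    syllables = len(ONSETS) * len(VOWELS) * len(CODAS)
    seps = len(SYMBOLS) + (len(DIGITS) if use_digits else 0)
    return math.log2(syllables ** 2 * seps)


if __name__ == "__main__":
    for _ in range(5):
        print(generate())
    print(f"about {entropy_bits():.1f} bits per password")
```

With these tables the two-word form carries roughly 25 bits, so a third pseudo word or larger tables do more for strength than the length minimum does.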

Darren Dirt

Quote from: TheDruid on September 19, 2006, 10:01:26 AM
...now our rules include:

1. Minimum of 8 characters in Length

2. The password contains characters from at least three of the following five categories:

        - English uppercase characters (A - Z)
        - English lowercase characters (a - z)
        - Base 10 digits (0 - 9)
        - Non-alphanumeric (For example: !, $, #, or %)
        - Unicode characters

3. The password does not contain three or more characters from the user's account name.

4. Passwords will have an expiry of 30 days and a history of 6 passwords will be kept.

:o

Personally, I would be seeking other employment if those kinda rules were en-forced ... that is BEYOND ridiculous, and it obviously would encourage many non-analytical thinkers to simply write down their passwords somewhere near their keyboard ::)
_____________________

Strive for progress. Not perfection.
_____________________

Lazybones

Quote from: Darren Dirt on September 19, 2006, 12:21:25 PM
Quote from: TheDruid on September 19, 2006, 10:01:26 AM
...now our rules include:

1. Minimum of 8 characters in Length

2. The password contains characters from at least three of the following five categories:

        - English uppercase characters (A - Z)
        - English lowercase characters (a - z)
        - Base 10 digits (0 - 9)
        - Non-alphanumeric (For example: !, $, #, or %)
        - Unicode characters

3. The password does not contain three or more characters from the user's account name.

4. Passwords will have an expiry of 30 days and a history of 6 passwords will be kept.

:o

Personally, I would be seeking other employment if those kinda rules were en-forced ... that is BEYOND ridiculous, and it obviously would encourage many non-analytical thinkers to simply write down their passwords somewhere near their keyboard ::)

The only part of that rule that is overkill to me is the rotation time of 30 days.. That is simply too often. The other complexity rules are important to reduce brute force attack risks.

Thorin

Quote from: TheDruid on September 19, 2006, 10:01:26 AM
Thanks lazy, this will come in handy for me, in the last few months my job has really cracked down on our passwords and now our rules include:

1. Minimum of 8 characters in Length

2. The password contains characters from at least three of the following five categories:

        - English uppercase characters (A - Z)
        - English lowercase characters (a - z)
        - Base 10 digits (0 - 9)
        - Non-alphanumeric (For example: !, $, #, or %)
        - Unicode characters

3. The password does not contain three or more characters from the user's account name.

4. Passwords will have an expiry of 30 days and a history of 6 passwords will be kept.

Needless to say I'm on month 4 right now and starting to run short on passwords

Betcha some users get around that by putting their first name, some padding, and then a number representing the version of the password they're on.  Users like to do things easy.  For instance,

Thorin01
Thorin02
Thorin03
Thorin04
Thorin05
Thorin06

Or even easier, pick your favourite password.  When it's time to change, change it six times then put it back to the original.

If they're really that paranoid about peoples' passwords, they should invest in fingerprint scanners.  No, wait, those can be defeated with photocopies.  Oh, I know!  We could educate all workers about the risk of letting others see their password.  Since that's really the problem, anyway.  If I never let you know my password, it doesn't matter how often I change it, you can never use it.  Unfortunately, 70% of users are willing to trade their password for a piece of chocolate.  No matter what you do with the password rules short of requiring them to be changed after every challenge, you cannot guard sufficiently against this problem.

Hey, the creators of Shadowrun had this figured out back in 1989.  Even back then, they predicted the Matrix (from Shadowrun, not the movies) would interconnect computers everywhere in a giant grid.  And they made sure to explain that some corporations simply *would not* connect sensitive systems to the Matrix, so that there was no way for a hacker to get at the files on them without explicitly breaking into the compound (hey, this was the basis for an easy half of all runs I ever did...).
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful
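The two workarounds from the post above, run against the quoted rules in an added example that is not code from the thread. The account name `tjones`, the sample passwords and the reading of rule 3 as "no run of three consecutive account-name characters" are assumptions; `is_increment` is one check a defender could apply at change time, when the old password is supplied in the clear.

```python
import re
from collections import deque


def categories(pw):
    """Count how many of the five quoted character categories appear."""
    return sum([
        any(c.isascii() and c.isupper() for c in pw),
        any(c.isascii() and c.islower() for c in pw),
        any(c.isascii() and c.isdigit() for c in pw),
        any(c.isascii() and not c.isalnum() for c in pw),
        any(not c.isascii() for c in pw),  # "Unicode characters"
    ])


def meets_quoted_rules(pw, account, history):
    """Rules 1-3 plus the exact-match history of 6 from rule 4."""
    name = account.lower()
    shares_name = any(name[i:i + 3] in pw.lower()
                      for i in range(len(name) - 2))
    return (len(pw) >= 8 and categories(pw) >= 3
            and not shares_name and pw not in history)


def is_increment(old, new):
    """True when new differs from old only in its trailing digits."""
    def base(s):
        return re.sub(r"\d+$", "", s).casefold()
    return base(old) == base(new)


def simulate(passwords, account):
    """Apply successive password changes; return one accept flag per change."""
    history = deque(maxlen=6)  # remembers the last 6 accepted passwords
    results = []
    for pw in passwords:
        ok = meets_quoted_rules(pw, account, history)
        results.append(ok)
        if ok:
            history.append(pw)
    return results


if __name__ == "__main__":
    series = [f"Thorin{n:02d}" for n in range(1, 7)]  # constructed sample
    print(simulate(series, "tjones"))           # counter trick: all accepted
    print(is_increment(series[0], series[1]))   # flagged by the added check
```

An exact-match history accepts both patterns; a minimum password age is the usual control against the six-change cycle.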

Shayne

HaHa Thorin nailed my password scheme at upside :)

Darren Dirt

Quote from: Thorin on September 19, 2006, 01:14:51 PM

If they're really that paranoid about peoples' passwords, they should invest in fingerprint scanners.  No, wait, those can be defeated with photocopies.  Oh, I know!  We could educate all workers about the risk of letting others see their password.  Since that's really the problem, anyway.  If I never let you know my password, it doesn't matter how often I change it, you can never use it.  Unfortunately, 70% of users are willing to trade their password for a piece of chocolate.



Thanks Thorin, for the past hour I've had the first coupla minutes of "Stairway to Heaven" playing and replaying and REplaying in my noggin' :P ;)
_____________________

Strive for progress. Not perfection.
_____________________

Thorin

Quote from: Darren Dirt on September 19, 2006, 12:21:25 PM
Personally, I would be seeking other employment if those kinda rules were en-forced ...

I have to say, password rules is not something that'll make me quit a job...  Bad pay, being expected to work overtime without pay or cause, bad benefits, completely boring work, lack of foreseeable future for the company, lack of future career growth, and lack of trust in management all make my list, but password rules?  Hmm.  I think you might be a bit more fickle than most, Darren  ;)
Prayin' for a 20!

gcc thorin.c -pedantic -o Thorin
compile successful