\\ Home Page : Post : Print
What is your password?
By Kirill (on 2007-12-22 @ 12:37:55, in General, read 2660 times)

Well... If you are not going to tell me, then my congratulations! Just don't fall into the same trap as people at London's Waterloo Station and at least pretend that you don't like chocolate.

Seriously, the real title should be "How do you pronounce your password?".

It all started some time ago (in 2001 to be precise). It was a middle of Internet bubble and all kinds of companies offered all kinds of services for free. The problem was (no, not that it ended few months later) they all required passwords. So, what? Can't I just reuse the same password? Well, no, this is a very bad idea even if the password is very strong. Can't I just use browser's capabilities to remember my passwords? Well, no, it's just as bad idea as the previous one. So, the solution I found was: pronounceable passwords. Some may say that even better solution is pass phrases, but up until nowadays not every company would allow you to use funny, catchy, not-so-evident, but 30 characters long password. What is even worse is that some companies enforce weak passwords (no, it's not a typo - they do limit your password to something like 6 lowercase letters and numbers, but no special symbols or even capital letters).

The best implementation I found was written by Tom Van Vleck. If you would go to his Tools & Java section, you'll find a very educational story about how it all started in 1970s (it's on Java version of Pronounceable passwords)

What I did not liked about that password generator is that I had to come up with ways to make the password stronger. There are few ways to do that:

  • Capitalize some letters
  • Add digits at random locations
  • Add non-alphanumeric characters

So, instead of doing it manually each time I need yet another password, I modified his Java code to do it for me [and learned some more Java along the way]. I even had a web site where I published it (however I forgot the credentials to that free hosting provider, which, by the way, disappeared later).

A recent conversation at the office brought the idea of publishing my version of Pronounceable Password Generator back to life again. After some minor modifications (caused by slightly better Java skills), please, welcome GPW 2007 Edition!

If you have Internet Explorer 6 or 7 and JavaScript is enabled, you should not need to "activate" the applet. Otherwise, blame Eolas.

Feel free to download source code (it's actually .java file) or JAR version for offline use from command line.

Some tips to use the generator (you may call them "good password tips"):

  • generate as long passwords as you can remember
  • capitalize some letters
  • use digits
  • use non-alphanumeric characters
    one way to do that is to type digits with Shift key pressed; another way is to use N'th key among non-alphanumeric keys, for example, number each key in the sequence "`-=[]\;',." and when generator says "m2ighw5a" type "m=ighw\a"
  • if you're a Windows user, you may not know that your password is actually limited to 14 characters, case-insensitive and stored as two passwords 7-characters long each, hence
    make sure that your password is at least 8 characters long and each half contains some special (non-lowercase-letter) symbol
    Yes, I know, it may not be true since about Windows 2000 in a corporate (domain) environment. But even then, it may still be true.
  • if you need an all-digits PIN, you can specify an alphabet as 22233344455566677778889999 and then spend some time trying to find how to pronounce it

And one last thing. Do not write down your passwords ever! If you have one [thousand] too many passwords to remember, like yours truly, get yourself a password manager. What's the best one? Oh, that's another story... One idea is to use your cell phone.