Join 3,497 readers in helping fund MetaFilter (Hide)

Password Generator
August 23, 2009 6:13 PM   Subscribe

Password Generator
Using the same password for multiple email, e-commerce and social networking websites is risky, but 61% of web users still do it. This tool allows you to generate unique passwords for a bunch of popular websites in one step. Based on Nic Wolff's original.
posted by Lanark (7 comments total) 11 users marked this as a favorite

There's also Passwordmaker, which operates along similar but more customizable lines, and has a wonderful Firefox extension and a command line version and a downloadable locally-runnable JS version.
posted by dmd at 5:56 AM on August 24, 2009


This is very clever; well done!

May I suggest an improvement? Is it possible to have the generated passwords NEVER start with a non-alphanumeric? Or to be able to specify that passwords can ONLY be alphanumeric? Many websites have bad password policies.

Thanks for this!
posted by DWRoelands at 6:53 AM on August 24, 2009


Is it possible to have the generated passwords NEVER start with a non-alphanumeric?

It looks like password maker can do that, but the problem with adding lots of extra options is that the added complexity will put off novice users, who are the people most likely to be using poor passwords in the first place.

The last thing you want when regenerating a set of passwords is having to remember which character set and encryption library you used last time around, it becomes too easy to guess wrong a few times and lock out your account. Changing the algorithm now would also break compatibility with Nic's original and the nifty iPhone version.

In a similar way, many password generators use a website url as the keyword for generating passwords, but that can get problematic too: was it www.metafilter.com or just metafilter.com or https://www.metafilter.com or https://login.metafilter.com ??
If the url changes (like www.digg.com -> digg.com), will you remember the exact url as it was when you first setup your password?
To avoid that issue I kept the keywords as simple as possible: 'metafilter'

For sites that won't accept extended characters you could just remove them manually, e.g. every + could become P (for plus) every ^ could be C (for caret) etc

The script does already include "1a" at the end of every password generated to match the common "must contain at least one letter and one number" requirement.
posted by Lanark at 12:07 PM on August 24, 2009


I have to ask; what's the advantage over PwdHash, a browser extension?
posted by pwnguin at 1:02 PM on August 24, 2009


^ from a security point of view probably nothing, but if you have ever tried to educate a novice user about this, you will know they often find this stuff hard to fathom: "...see you fill in a password here and then type in a salt value here - and then it gives you back a different password" at this point their eyes start to glaze over.

If instead you show them a page that magically turns one password into 25, you'll see a lighbulb come on "Ah! so I only need the one password"
posted by Lanark at 4:55 PM on August 24, 2009


I would suggest putting using the url

http://punchcast.com/passwordgenerator

for SEO purposes. Or make it a subdomain.
posted by schindyguy at 11:12 AM on October 22, 2009


The password generator has moved!

You can now find it at http://ss64.com/passwords/

This is probably a good time to mention that it's a good idea to save your own copy of the password generator page.
Keeping your own copy ensures it will still be available to you even if the website goes off-line.
You can also View-Source and see exactly how the javascript works, copy it to a USB stick, email it to yourself, even upload it to your own website (it's open source.)

posted by Lanark at 1:12 PM on April 25, 2011 [1 favorite]


« Older Revolving Floor...   |   Tee Virus: Community Driven Sh... Newer »


You are not currently logged in. Log in or create a new account to post comments.