Passphrase Generators

 

Since passphrases are more secure than passwords, I have started using them for different sites when I can. A lot of people found out about them from a comic at XKCD. Here is a list of passphrase generators that I use, and some that I have come across:

• Preshing’s Generator (redirected from passphra.se)
• Correct Horse Battery Staple –  source on bitbucket –
• Fourmilab (this guy’s vocabulary is better than mine, or he is using words from other languages)
• Readable Passphrase – this looks like a downloadable C# app, and requires a KeyPass plugin.
• Make Me A Password – This is made by the same guy who made Readable Passphrase. This one is online, and does not require KeyPass. There is another generation page here, and the source is here. As of 2019-07-29, the generation page does not render properly in Firefox or Chrome.
• Use A Passphrase – He recommends you save his page to your hard drive and use it for greater security. You can find it on github. (One of the passwords I got was “problems billing jewish control”. Sometimes you get some interesting ones.)

There are a few passphrase generators that are diceware. I think the EFF likes diceware.

• Password dot diet – with source code on github. You can run this on your laptop/desktop. One downside is that the passwords are in ALL CAPS. (Note: I checked the site on 2017-07-23, and it no longer appears to be active. The github repo is still online, but since it was written in Javascript, there is a good chance it might not work anymore.)
• Some guy named Doug has one too – as well as source on github. This is another downloadable javascript web page. One downside is that you have to run this in a webserver, as opposed to just saving the complete page in Firefox.
• Here is one from a company called Hidester that sells a VPN – The page has some nice info on diceware and why you should use it for generating passwords. I don’t see a link to any source code. I saved this on Firefox (saving all the images and Javascript as well) onto my Ubuntu laptop. The saved page did not work with either Firefox or Chrome.

I wrote about a command I re-discovered to make a local passphrase generator here.

Hopefully all these will still be valid when we all use quantum computers.

Someone from PixelPrivacy referred me to their page about the dangers of password re-use. I don’t think this will be a problem now that I use KeePassXC, but it would be nice if it could check my passwords and look for duplicates anyway.

If a site still requires you to use a 54d_Tr0m8on3 (“sad trombone”) password, try Steve Gibson’s Ultra High Security Password Generator. Or you could use Secure Password Generator. This site also features some security tips. This person does not like using dictionary words at all.

You could also create a password on Linux or cygwin on the command line. Here is a command that will create a 16-character random string with upper- and lower-case letters, numbers, and the characters “_”, “+” and “-“:

alias randpw='< /dev/urandom tr -dc _A-Z-a-z-0-9\+- | head -c${1:-16};echo;'

Put that in your .bashrc file (command based on information here, here and here).

You can also do this on Windows 10 in the PowerShell (see this page on Microsoft’s web site). Save this in a file with a “ps1” extension:

-join ((65..90) + (97..122) + (48..57) + 43 + 45 + 46 + 61 + 95 | get-random -count 15 | %{[char]$_})

“join” puts it all on one line. The ranges and numbers are ASCII characters (see this chart). So you are sending characters to the get-rand function 15 times.

Steve Gibson also has a password checker on his site. You can save that and use it. Another password/passphrase checker that you could download and save is this page by My1Login.

Note 1: When I say you can save some of these pages, you also want to save the Javascript. As much as I hate Javascript, it actually seems to be useful for this situation. In Firefox, you should pick the option “Web Page, complete” to get the Javascript, as opposed to “Web Page, HTML only”.

Note 2: I have started using KeePassXC for managing and generating passwords.

You’re welcome.

Image from World Digital Library, assumed allowed under Fair Use. Image from the Ashburnham Pentateuch, or Tours Pentateuch, a Latin manuscript of the first five books of the Old Testament from the 6th century or 7th century. Its place of origin is unknown.