awesomefert.blogg.se

Xkcd secure password generator














#Xkcd secure password generator generator

Other generators have popped up online, but unlike most of those, this generator only uses common English words. In case you missed the strip, here it is: (But if you’re just signing up for a kitten video forum, you’re probably safe.)

#Xkcd secure password generator password

Use at your own peril! I’m not responsible for anything that happens as a result of your password choice. I wrote a simple BASH script that does the XKCD thing using the words file on Linux systems a while back that I use for a starting point, then I change a few things to get my final password. It’s a novel idea, but xkcd stops short of actually recommending such passwords, and so will I. They're still good passwords, but by making certain assumptions I can create rules that significantly reduce the number of possibilities when trying to brute force or guess. Ilovebluecarswithbigtires! or ILoveBlueCarsWithBigTires!


They also tend to put the symbol (if used) at the end. People also tend to capitalize the first character or in a passphrase the first character of each word. If someone told me they had a 26 character password, the first two I would try are: abcdefghijklmnopqrstuvwxyz and zyxwvutsrqponmlkjihgfedcba General rule of thumb is longer is better than complexity with some caveats. Even if they can get the password in such an instance you should be using different passwords for different sites to avoid it being useful to them. Not to mention secure passwords-beyond the absolute minimum of not using things like "Password1!"-are more about avoiding your password being discovered if the hash is leaked by a site compromise. Most people are far more likely to have their accounts compromised by things like phishing than by traditional cracking anyway. Length is better than "complexity" every time assuming the attacker doesn't know the exact way the password was created. If I generate 6 passwords using all of the combinations of three words it's true there are only six possibilities but if you don't know the three words or even that I used three words in the first place how does that help you as an attacker? Comments about the entropy of that particular generator assume the attacker knows you used it and didn't add any modifiers to the outcome.


Knowing the algorithm used to generate a password will always lower the challenge of cracking it. Love to hear everyone's general thoughts, as well as anyone who has considerable background in security. If it were random words, that would be considerably longer, but discrete words are more. (It's gibberish that made sense to me, so it wasn't like I spent time trying to memorize it). So my computer login for work uses a relatively short pile of gibberish that I had committed to memory. Mainly thinking of a computer login screen, but I'm sure there are plenty of other similar situations.


Ideally, I would still use my password manager and use very long generated gibberish strings, but I figured a random word based password would be good in situations where you couldn't interface with a browser/pw manager, or maybe needed a bit of convenience. This site made a small random password generator with a relatively small pool of words, but it sparked an interesting discussion in the comments below about how secure the concept really is. So I had seen the XKCD Password Strength comic a long while back, and it made sense to me, but then I was wondering about dictionary attacks and whatnot, so I wanted to see where everyone stands on this idea.














