Members area‎ > ‎

PASSWORD GENERATOR

ABOUT

Allows you to generate unique passwords for every occasion. 
You need to remember your master password and you need to use very clear, obvious names for the services/sites.

Providing you can remember your master password, and you can identify the service/site name in the future. This generator will tell you your current passwords.

This is provided as an aid to improve your internet security. It does not guarantee anything and I nor GlobeRowingClub take any responsibility for this - It is provided in good faith only.

This password generator runs in your browser, no content in or out is transmitted over the internet.

Simpler Alternative

Another technique is to take a phrase that means something to you and pick the first letter from each word, then capitalise every other letter for example

  • "i like sunny sundays" - iLsS

next we need a number, you could generate one from a few mathematical operations on your date of birth, for example
  • year of birth divide by month multiply by day:  (1980/6*30). (you may want round it to 0 decimal places) = 9900
next we need to make the password unique. if this is for gmail, why not add "gmail" to it?

Finally, we can pad the password with a series of pretty characters. This can be anything from a series of dots (.....) or a funny face ;-). you can pad the beginning and the end. here are some examples:

  • $(iLsS9900gmail<:-&)
  • iLsS9900gmail........
This isn't as secure as the generator above. If a human looked at your password they maybe be able to presume that replacing "gmail" with another service name might give them your other passwords. But its rare that anyone would spend that much time hacking you, (unless your are a public figure), we mere mortals are hacked by computers which are much less likely to recognise such patterns.


Testing Your Password

* This is a service that I personally trust to calculate the length of time a hacker might take to breach your password assuming the hacker has no personal information about you.  There is a lot of information on that page, and indeed that website. If internet security is something you wish to fully understand on a technical level GibsonResearch is a good starting point.


General Advisories

Most passwords are found and collated into dictionaries by hacking services that are popular and perhaps less secure than they should be. When a service is hacked and users details are leaked these passwords are collated into dictionaries of known passwords which will then be used to gain access to other services.

For example, using the same password for low risk website login and for your bank could mean that a hacker gets your bank password by hacking the low risk website. They would be unlikely to know this, but that password no matter how good it was is now in the public/hackers domain and it will be tried.

Whether you use this password generator or not, please consider this basic password advice:
  1. Use separate passwords for each service. Do not have one good password that you use for everything (this is the point of the generator above)
  2.  Do not enter passwords into webpages that are not secured (with exception to this page, because you can trust GRC). Secured pages are shown by a padlock symbol in your browser. The URL also starts "https", the s is for secure.
  3. When creating your master password, or any password. Do not use any word from a dictionary or any popular/public word/name that could be on a hackers dictionary. Dictionaries provide a list of known potential passwords.
  4. Make sure your passwords span into as many character domains as possible, EG:
    1. lower case letters AND
    2. upper case letters AND
    3. numbers AND
    4. special characters, !"£$%^&*()_+{}~@?><|[];'#/.,`\
  5. Password length is more important than the randomness of the password. You can pad your passwords with the same series of characters to achieve this.
  6. If you use this password generator, make a local copy of it in case it ever goes offline. use CTRL-S to invoke the save page option in most browsers.
Sometimes you are not allowed to use special characters in your password OR you may be limited by the number of characters. When this happens you may need to adjust the output from the generator and make an explicit note to yourself of what amendments you made.

To help you manage this password scheme you can log the site/service name and any special amendments in a file on your computer, or in your paperwork. If this file was found it would not be enough to compromise this system as they would also need to know your master password AND they would need the generator or method of generation this generator uses. 

3 parts are required to create and recall these passwords:
  1. Your master password
  2. Your service/site name for a particular service/site
  3. This generator.