416-621-9348 cgreaves@chrisgreaves.com

Visit www.ChrisGreaves.com for this image!

Home

Password Generation

Passwords can be the bane of life. We need them everywhere. We know we shouldn’t use the name of our pet (“Fluffy”) or our mother’s maiden name (“Higginsbottom”) but we know too that “they“ will ask us for our mother’s maiden name.

And we need so many of them, passwords, I mean.

We need so many that we need a document to hold all our passwords so that we don’t forget them; or at least, so we can forget them but recall them from the document.

Passwords have to be at least yeah-long, start with an alphabetic, preferably hold a mixture of letters, digits and punctuation, …

Here’s a solution to password generation.

Detailed Description Of Each Procedure

Beware the Clipboard

Let's not get paranoid, but let us be aware that keyboard loggers (“scam-scum") can read the Windows clipboard.

By all means use copy/paste to migrate a password from your stored set on your own machine which is squeaky-clean; but be cautious when employing this technique on a computer not known to you. Especially if you are called in to "fix it".

Technique for Confusing Keyboard Loggers

If you are devising a password system, consider asking users to devise a long password, say a dozen characters or so, and on each login attempt you (the developer) will select four or so characters at random and ask the user to key in only those characters.

The advantage to the user is obvious.

A mnemonic password can be used "Kabloodle, my dog".

You ask them (this time) to enter the 3rd, 9th and 2nd characters.

The user need key in only "bea" to gain access.

Next time you'll ask them for the 11th, 4th and 7th characters, and so on.

A significant administrative task, such as changing the password or adding a new user can be restricted to someone who types in the entire password.

Use a Macro

Use a macro to generate passwords. I’ll show you mine in these pages, including the source code, but you won’t be able to use what I show you to crack my passwords. Here’s why:

I use a randomizing method that draws on the date (on which I generate the password) and also the machine characteristics of the generating machine.

How’s that?

A typical macro is called “PasswordOfTheDay”, and it will generate a different password every day. Here is today’s password “76vdw”.

Another password is called “PasswordOfTheDayTime, and it will generate a (longer) different password every time I call it. Here is the password of a few minutes ago “76vdwxaquyw”. And here is the password a few seconds later “76vdwxaptw”.

Another password is called “PasswordOfTheDate, and it will generate a password based on the date I supply to it. Here is the password of the day on which I last bought a book “76vdxwv”.

Armed with my source code (below), you will be able to generate passwords, but they won’t match mine, even if you could guess or work out what day I typed this up, or the time to the nearest second, or even if you knew about my purchase of Kinsella, because you are not running the macros on my machine. Your machine has different characteristics, and so your generated passwords will differ from mine, even if you get the dates right.

One last thing: I do not always use the passwords as generated. Sometimes I paste them three times into the text box, thus “76vdw76vdw76vdw”, which gives me a longer password string. Sometimes I add the letter “z” to the front. Sometimes I think of what year it is (2009) and add the corresponding letter of the alphabet to the front, or back, hence “i76vdw” or even “i76vdw76vdw76vdw”. As long as I am consistent in my single mental rule, I can consistently make use of a one-click randomly generated password, reducing my burden of inventiveness.

The Macro PasswordOfTheDay 



Loading

Toronto and Mississauga, Wednesday, August 03, 2011 3:12 PM

Copyright © 1996-2011 Chris Greaves. All Rights Reserved.