Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Generate strong yet memorable passwords System
A good, secure password has a number of key characteristics:
  1. It will be relatively long (the more characters the better)
  2. It will be relatively random (it should look like gobbledygook and it shouldn't contain sequences of letters that can be found in a dictionary or list of names -- in any language!)
  3. It will contain both alphanumerics (letters and numbers) and non-alphanumerics
  4. Most importantly of all: It should be memorable!
Read on for some advice on how to create passwords that meet all four criteria...

[robg adds: Although this isn't specifically an OS X hint, good password security is quite important, so I felt it was worth the space. We ran a very basic hint on this subject back in 2001; the following is a good update to it.]

How can the first three characteristics be tallied with the fourth? Surely, it is too hard to remember something that encapsulates all or even some of those first three without it breaking the fourth ... and this is how we end up with people using "password" as their password. Personally, I find the "I can never remember a long password because it is too hard, so I have to keep it as my pet's / dad's / mother's / etc name" attitude a tremendous cop-out. Everyone can remember what is a seemingly complex password, so long as they use a method that will allow them to do it.

Imagine the following scenario -- you've just received a new PowerBook G4 from your workplace, and you need a password for your Mac OS X FileVault login. It is a given that this password has to be as secure as you can make it, as your new machine can easily be stolen, and it is going to have sensitive information on it such as trade secrets and your workplace's banking details. So how do you generate a difficult to crack, yet easy to remember password? Try one of the following two techniques:
  1. Tell yourself a story.

    "This is my brand spanking new PowerBook G4 - aren't I lucky!"

    To generate a password from that, simply take the first letter of each word (it could have been the second, third, fourth letter ... or it could have been the last) and type it out, along with the punctuation you have in the statement:
    timbsnPBG4-ail!"
    Almost instantly, you have a pretty good password that only you are going to know... and in this particular case, it even contains some capitalisation and some non-alphanumerics. Obviously, this requires you to be able to remember the story. Since not everyone can do that, so there are variations on a theme for this technique, such as using the lyrics of your favourite song(s), poems, quotes, etc. as the basis for the password(s). Perhaps what you remember best is a smell or taste, the ingredients to your favourite meal, whatever. There is something that you as an individual can remember and remember easily. Even if it is your pet's / dad's / mother's / etc. name, you can still generate a complex yet memorable password from them, so long as you use all their names at once and introduce some randomness into the process -- such as only using the last two letters from each in a combination that ends up looking like goobledygook.

  2. Use your keyboard.

    If the first technique is a non-starter for you, try using your ability to remember a spatial layout. In this instance, it is your keyboard that you will choose as your canvas (and in my case, this is a British QWERTY keyboard). This method has the advantage of generating passwords that you don't even have to remember ... all you need to be able to do is remember how you typed them.

    Pick a couple of letters to form the base of your password, and then type a pattern about them. E.g. using the d and k keys as the base, I can type the following:

    erfcxsiol,mj
    ... simply by starting at the key to the top left of each of the base keys in the hexagon of letters that surrounds them (e in the case of the d key, and i in the case of the k key). Hey presto, an instant "random" password that takes very little to remember. Self evidently, this technique has a huge potential for variation. I could have typed in an anti-clockwise direction around one of the base keys and clockwise around the other, or started at a different letter in the hexagon, added a third / fourth / fifth base key, held shift down for one of the hexagons, etc., etc.

    Using a different keyboard method altogether, I could have picked the first, fifth and seventh alphanumeric key on each row of the keyboard to get:
    157qtuagjzbm
    And so on, and so on -- practically, there is no limit to the combinations of keypresses you can make based on a spatial awareness of your keyboard. You can use these combos to generate secure passwords that are easy to remember.

    Proviso: Obviously, this technique relies on all keyboards being equal. If you need to have a "portable" password (one you can type anywhere on any machine), be aware it will fail if you have to use a radically different keyboard (e.g. a DVORAK keyboard or a keyboard designed for another language). That is, unless you are also able to remember the exact characters of the password, but in that case, you probably wouldn't be using this technique anyway!
Improving your password(s) even further:
Once you have a basic password generated by the above techniques, you can improve it further by introducing some elements of randomness:
  1. Include some additional punctuation -- e.g. for the last example above, hold down shift and type the first, fifth and seventh number key, and add that to the beginning and/or end of the base to get:
    !%&157qtuagjzbm!%&
  2. Capitialise some of the letters (e.g. the most frequently occurring letter, the start and/or end letter of the hexagon, the fifth letter in the row, etc).
  3. If you are only using the password on a Mac, you have the added advantage of being able to use the option key to increase the number of non-alphanumerics, so when typing hold it down for some or all of the characters. For instance, 157qtuagjzbm can become:
    ¡5¶œt¨åg??bµ
    This will hugely increase the difficulty of cracking your password. This tip alone will even improve your pathetic six-letter word, turning it from easily cracked password into something that is moderately OK. However, be aware that this will limit you to using this password on Macs only. Also, it will only work on Macs that have the exact same keyboard as your own. Be careful with this technique, if you do use it.
  4. Avoid having words or names within your password by altering a letter to something memorable. E.g. timbsnPBG4-ail! has the name tim in it, so change that to t!m to give t!mbsnPBG4-ail! instead.
  5. Stick some numbers in there -- your age, your mother's age, the year, the date the last time your favourite team actually won something ... anything so long as it is something you can remember.
So there we have it ... it isn't a hard thing to create a secure password or passwords that you can remember, and it is probably a heck of a lot easier than many imagine. Even if the two techniques above don't work for you, there will be something that does. You just have to work out what it is, and then you can use it for the rest of your password generating life.

Obviously, if you are using Mac OS X, you can use Keychain Utility, in /Applications -> Utilities, to create notes for all your passwords that will display them once you've entered your master Keychain password -- an added bit of memory for you for those occasions when your brain simply won't work!
    •    
  • Currently 3.57 / 5
  You rated: 4 / 5 (7 votes cast)
 
[40,467 views]  

Generate strong yet memorable passwords | 37 comments | Create New Account
Click here to return to the 'Generate strong yet memorable passwords' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Generate strong yet memorable passwords
Authored by: macshome on Sep 23, '04 11:29:32AM

Mac OS X 10.3 has a built-in password assistant, but I only know one way to access it.

1. Open the Keychain Access utility.
2. Select Edit > Change Password for Keychain...
3. Click the "i" button to open the Password Assistant.
4. Test your passwords in the "New Password" field. You don't need to change your password to test new ones.

Have fun.



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: JKT on Sep 23, '04 12:56:53PM
This was already posted as a hint here at MacOS X Hints, if you want to see images of how it looks:

http://www.macosxhints.com/article.php?story=20031026012223557&query=password+security

(I can't work out how to post direct links here at MOSXH!)

Note to RobG:
There are a couple of typos in the hint:

1. the erfcxsiol,mj password has an additional < at the end which shouldn't be there (probably a remnant of your improving my html ;-)
2. The second technique has a second number 2 in its title.

Cheers,
JKT

---
PB G4, 1.5 GHz, 2x512MB RAM, 128MB VRAM, 80 GB 5400rpm HD, SuperDrive, MacOS X 10.3.5

[ Reply to This | # ]

Generate strong yet memorable passwords
Authored by: momerath on Sep 23, '04 12:19:10PM

Mozilla/Firefox's master password configuration also has a password difficulty analyzer.



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: romulis on Sep 23, '04 12:58:00PM

Great hint. Thanks (I've actually been doing this for years but never thought of writing it up as a hint - well done!).

My problem is that I've got too many good passwords. I generally try to use a different password for most websites, and even more different passwords at work - I stopped counting them at 20 :-) To make things worse they introduced password aging at work, so they're constantly changing too *sob*

But Apple helps here too! Keychain Access is intended to give you some control over the automatically stored passwords (from safari, finder etc.) but you can use it to store your passwords too.

Start Keychain Access (in your Utilities folder). To store a new password, click on the password icon (the key at the left of the toolbar) and you can enter a name (the application/machine/site or whatever), an account name and a password.

To see a forgotten password, open Keychain Access and click on the name of the password you stored. At first it won't show the password. To see the password you first have to click on the show password button (bottom left), enter your login password in the pop-up dialog and then click either allow once or always allow to display the password. If you click on allow once then you will have to supply your login password the next time you want to see the stored password again. Selecting always allow will cause Keychain Access to show the password in the future as soon as you click on the show password button.

Of course this relies on you having a good login password and you NOT FORGETTING IT :-)

I've been using this for a while now, and although it is a little cumbersome, it does provide a neat way of storing sensitive information, and it's already saved some serious headaches



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: Felix_the_Mac on Sep 23, '04 01:56:27PM

I find keychain Access extremely useful.

It means that I can use secure passwords on all web sites etc that I visit because I dont have to remember them.

The description above makes it sound rather complicated (not a criticism) , however once it is configured it isn't really.

TIP: you can get a Keychain access icon in the menu bar which makes it very quick to access the app. To do this start Keychain Access and then goto view >> Show status in menu bar.

REMEMBER to backup your keychain files, otherwise you may loose all your difficult to remember passwords. (The way I do this is by backing up my entire home folder.)

Also I use apg (automatic password generator) to create pronounceable passwords ten at a time, I then choose one I like. I got this program via fink but I am sure there are other sources.



[ Reply to This | # ]
Generate AND STORE passwords--portably!
Authored by: jspivack on Sep 23, '04 03:59:13PM
I use and *love* SplashID. It stores passwords by category, with extra custom fields, and syncs perfectly with my PalmOS PDA, and version 3.0 inculdes a generator. The Palm sync is key as it makes all of these passwords (and software serial numbers, and insurance policy numbers, and .... i have hundreds of entries) portable! And safe--the database is encrypted. $30, definitely worth it.

[ Reply to This | # ]
Generate AND STORE passwords--portably!
Authored by: pete on Sep 23, '04 11:21:43PM
I saved myself the money and use YAPS (Yet Another Password Saver.)

You can make your own categories and save anything you want. It isn't flashy like SplashID, but it does the job, and is free.

It's available at http://www.msbsoftware.ch/

[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: vondrix on Sep 23, '04 01:32:40PM

I'm pretty sure that since panther, the password maximum length has been increased. So you can just use the sentence: "This is my brand spanking new PowerBook G4 - aren't I lucky!" directly as a password, including punctuation.



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: JKT on Sep 24, '04 05:50:25AM

While this is true, that password would fail the second criteria I listed for a good, secure password. In other words, while it would be an OK password purely on the basis of its length, it would still be quite crack-able due to its extensive use of plain English.

---
PB G4, 1.5 GHz, 2x512MB RAM, 128MB VRAM, 80 GB 5400rpm HD, SuperDrive, MacOS X 10.3.5



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: david-bo on Sep 24, '04 08:15:25AM

No, you are wrong. If you try to brute force crack passwords with a length of 11 regular words that is practically an infinite number of passwords to go through.

On each position you have houndreds of thousands, maybe millions, of alternatives - which is far better than using 11 letters from even the whole UTF16 character set. Practically, if you use letters, you are limited to 100-200 alternatives/position. In other words:

200^11 or 200 000^11. You do the math.

---
http://www.google.com/search?as_q=%22Authored+by%3A+david-bo%22&num=10&hl=en&ie=ISO-8859-1&btnG=



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: tekfox on Sep 23, '04 01:33:21PM

Greetings,

I've been generating my passwords through a small Java utility that I wrote a few years ago. GenPasswd accepts a word of six characters or more and mangles it by inserting digits based on a simple algorithm. I use GenPasswd in combination with mnemonic phrases, such as: iamhungry or with foreign words. iamhungry, for example, becomes i8mhu5gr9.

The listing for the program is below.

/**
  

Password generating utility version 1.0

© copyright 2001 Eugene Ciurana -- distribute as you see fit as long as you keep this copyright notice. @author Eugene Ciurana @version 1.0 */ public class GenPasswd extends Object { // *** Private and protected members *** private static void helpUser() { System.out.println("genpasswd: Too few arguments\n"); System.out.println("Syntax: genpasswd word1 word2 word3 ... wordN"); System.out.println(" wordN is a 6-letter (or more) string"); } // helpUser // *** Symbolic constants (public and private) ***** // *** Public methods *** // ***** Main program ***** public static void main(String[] argV) { if (argV.length == 0x00) helpUser(); for (int nLoop = 0x00;nLoop < argV.length;nLoop++) { if (argV[nLoop].length() < 0x06) System.out.print(argV[nLoop]+" -- word too short"); else for (int nInnerLoop = 0x00;nInnerLoop < argV[nLoop].length();nInnerLoop++) if (nInnerLoop == 0x01 || nInnerLoop == 0x05 || nInnerLoop == 0x08) System.out.print((nInnerLoop+argV[nLoop].charAt(nInnerLoop))%0x0a); else System.out.print(argV[nLoop].charAt(nInnerLoop)); System.out.println(); } } // main } // class GenPasswd

Use a text editor to create this file. When done, compile with javac:

javac GenPasswd.java

To execute it, run:

java GenPasswd someword

I hope you find this useful.

Cheers,

E

---
Have you read The Sushi Eating HOWTO?
http://eugeneciurana.com/musings/sushi-eating-HOWTO.html

[ Reply to This | # ]

Generate strong yet memorable passwords
Authored by: adrianm on Sep 23, '04 01:49:03PM
What's with all the hex constants and the useless extends Object ? Sorry, I just spent a day reviewing other people's java code - need to break the habbit :)

[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: _merlin on Sep 23, '04 07:55:10PM

Remember that "foreign" words are only foreign to you.



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: ciurana on Sep 24, '04 05:14:43PM

merlin_ wrote:
> Remember that "foreign" words are only foreign to you.

Indeed. It might still be vulnerable to a dictionary attack; the mangling algorithm seems to do a decent job in creating mnemonic passwords, though. I usually go for phrases, though. Harder to nail them with a dictionary attack.

Cheers,

E (aka tek_fox)


---
http://eugeneciurana.com/musings/sushi-eating-HOWTO.html
San Francisco, CA USA



[ Reply to This | # ]
My password algorithm
Authored by: rhowell on Sep 23, '04 02:33:29PM

This is my password algorithm:

Let's say you've had a favorite password for years, and you know it so well that you can type it really fast without looking at the keyboard. But lately you've realized how terribly insecure it is. For example, maybe its actually "password". That's OK, because we can get many new secure passwords from this, without having to teach yourself a "story".

To generate the new password, simply translate your fingers on the keyboard over to the right one key. In this case, your new password becomes "[sddeptf", and you can type it just as fast without looking.

Got another computer? OK, translate over to the right one key and up one key. Your password for this machine is "+err4-6t".

Another computer? How about down one key: ";zxxslfc".

Another computer?...



[ Reply to This | # ]
My password algorithm
Authored by: hagbard on Sep 23, '04 03:07:45PM

Your algorithm is great, but I'd add a little advice for people who, for example use AZERTY keyboards and might travel abroad (the same applies for any two types of keyboard) : you won't be able to log to your account unless you know your home keyboard by heart !
You might argue that you can change the input language, but not in a cybercafe, or on a PC (well you can but don't expect the owner will let you).
And sometimes characters outside the A-Z 1-0 are placed differently, depending on the manufacturer.
So be warned...



[ Reply to This | # ]
My password algorithm
Authored by: Tonex on Sep 24, '04 03:27:43AM

Ok I'm no cyptologist, but it would seem to me that if your password was 'password' or some other common word, then your method would not hide the password from someone who was trying to get in to your machine.

Wouldn't a password cracking program be able to spot your trick quite easily? You're not actually randomising anything so the pattern of your word would still be recognisable, all the program would have to do is figure out where you had shifted your fingers to.

---
Remember - in a million years we'll all be dust, and none of this will matter



[ Reply to This | # ]
Another password algorithm
Authored by: QuestnbleSwami on Sep 23, '04 04:18:24PM

Another way to generate a pool of secure passwords that are (relatively) easy to remember is to do the following:

1. Come up with a grouping of things that is easy to memorize (e.g., odd animals):

giraffe
platypus

2. Find a series of numbers that is easy to remember (e.g., your phone extension at work). Split the number and wrap it around a word from step 1; you can reverse the number as well:

44giraffe31
31platypus44

3. Convert certain characters to non-alphanumeric characters (e.g., i to !, a to @):

44g!r@ffe31
31pl@typ#s44

You can vary steps 2 and 3 to generate a pool of unique passwords, which is handy when you have to generate and remember passwords for email, message boards, computer accounts, etc. As long as you can remember the group, the number, and which characters you switch to non-alpha, you can always retrieve the password (though it sometimes takes a couple tries).



[ Reply to This | # ]
Another password algorithm
Authored by: googoo on Sep 24, '04 02:08:49PM

You can also convert the numbers to characters and the characters to numbers by pressing/releasing the shift key. The examples above become

$$g1r2ffe#!
#!pl2typ3s$$

Have fun!

-Mark



[ Reply to This | # ]
Password Generator
Authored by: acdha on Sep 23, '04 06:10:58PM

I took Tom Van Vleck's Pronounceable Random Password generator and added a Cocoa-Java front-end for it which allows you to control the password length and complexity: http://improbable.org/chris/Software/



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: laurence.wilks on Sep 23, '04 06:55:08PM
For web based applications I use the following PHP script

# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
# @func   randomPassword();
# @desc   Generates a random password 
# @output none
#

#function to generate a random password
function randomPassword($length)
{
	#generate a unique random password
	
	mt_srand((double)microtime() * 1000000);
	
	$possible = 'abcdefghijklmnopqrstuvwxyz0123456789' . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
	
	$randompass ="";
	
	while(strlen($randompass) < $length)
	{
	
		$randompass .= substr($possible, mt_rand(0, strlen($possible) -1), 1);
	}
	
	$randompass = trim($randompass);
	
	return($randompass);
}



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: pete on Sep 23, '04 11:15:36PM
An easy way for me to remember long, strong passwords is by using my PDA and a freebie program called 'Keygen'.

You can let it pick one for you, or you can customize the letter, number and punctuation placement. I just keep clicking away on it until I find one that clicks with me. I have 12 character passwords that stick almost immediately.

You can find it at http://www.tamalo.com/downloads/

[ Reply to This | # ]
Another way
Authored by: Lectrick on Sep 24, '04 12:06:30AM

Google "diceware" (site seems to be down currently)

They had a good way to create easy, relatively memorable and secure passwords.

---
In /dev/null, no one can hear you scream



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: drei on Sep 24, '04 03:40:40AM

An Open Source solution to create random passwords with different options, one of them to have the password pronouncable is Automated Password Generator (APG).
It consists of a command line tool and a PHP frontend (APGonline).

Output for pronouncable passwords looks like this:

  • EdwajMy (Ed-waj-My)
  • LarcAm4 (Larc-Am-FOUR)
  • RetNifs (Ret-Nifs)
  • diubgobs (di-ub-gobs)
  • KojPigji (Koj-Pig-ji)
  • prun:Da (prun-COLON-Da)



[ Reply to This | # ]
A stolen Mac and Keychain Access really secure?
Authored by: szabesz on Sep 24, '04 06:02:43AM

I am just wondering: what is going to happen when you use the Mac Os X install CD to boot, change the passwords, so you have a complete control over anyone else's system. With the new password you login and use the Keychain Access. Is it secure? Anyone with some experience?



[ Reply to This | # ]
A stolen Mac and Keychain Access really secure?
Authored by: JKT on Sep 24, '04 07:27:38AM

This is one of the purposes of FileVault. As it stands, if you have a normal account set-up without a Master password and FileVault activated, anyone with physical access to your machine can easily access your account using the method you described - boot from Install CD, change the admin password and then access the admin's Keychain to see all their passwords.

If you use FileVault this is no longer possible as changing the password with the install CD disconnects the FileVault from the user - all that the person hacking into the system would get is access to an encrypted image for which they would need the Master Password to mount. The Master Password itself is set in stone and cannot be changed. See the Security panel in System Preferences (in 10.3.x) for more info.

As an alternative to FileVault, you can choose to use a password for your Keychain that is not the same as your login password, so that it remained locked even if someone changed your login password. That is, you would have to type in another different password after login to allow the system and applications to access the keychain.

---
PB G4, 1.5 GHz, 2x512MB RAM, 128MB VRAM, 80 GB 5400rpm HD, SuperDrive, MacOS X 10.3.5



[ Reply to This | # ]
A stolen Mac and Keychain Access really secure?
Authored by: VirtualWolf on Sep 24, '04 11:55:18PM

If you boot from the install disc and reset a user's password, their Keychain password isn't changed at all. It remains as the original password.



[ Reply to This | # ]
A stolen Mac and Keychain Access really secure?
Authored by: davidefrank on Sep 24, '04 03:57:04PM

This gets awkward to explain, but here goes.

Let's say Fred and Barney both have accounts on a Mac OS X system. Suppose Fred wants to break into Barney's account. If Fred is an administrator, he can just change Barney's password via the Accounts pane of System Preferences. If Fred is NOT and administrator, or perhaps Fred has stolen Barney's machine, he could change Barney's password by booting the system from the Mac OS X installer CD. (Unless booting from the CD is disabled in Open Firmware.)

Now Fred can log in as Barney. But Fred still cannot unlock Barney's keychain! Fred only has access to Barney's local account, NOT to every account defined in Barney's keychain.

Here's why. When a user changes THEIR OWN password in the Accounts pane of System Preferences, their keychain password is changed to match. BUT if an admin user changes ANOTHER user's password, the keychain password is NOT automatically updated. The same is true for passwords reset via the startup disk.

(A "normal" user - ie not an administrator - can't change another user's password. Thank goodness!)

I had to be convinced that Keychain represented a net gain in security. Overall I believe it does in fact increase the security of the user's many login identities, while it also adds to the convenience of accessing many accounts. Not a bad accomplishment!

-Dave Frank



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: IslandDan on Sep 24, '04 08:22:28AM
Try passmaker.com. It creates passwords from combinations of multiple words with interspersed non-alphabetic characters. The password generation can be talored to your needs by selecting lengths. The strength of generated passwords is provided as is the code. Passwords look line: fling5bonus or wriggle8inclines!gamely2thunders for the parinoid. The security of these two examples are respectively: 1 of 3,874,629,953 and 1 of 14,170,963,388,194,843,787,264.

[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: Azark on Sep 24, '04 02:38:31PM

I use Passenger.
What I like is that I can find back generated pw if I have the master password and the name/login used.

http://macinmind.com/Passenger/

---
PB Ghz 1024MB Combo 10.3.5
G4 400 AGP 512MB 10.3.5
G4 400 AGP 768MB OSX Server 10.3.5



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: darkbytes on Sep 25, '04 11:42:15AM

I noticed recently, after fudging my root password half-way through and just hitting ENTER for another try, that when using `su` in OSX only 8 characters of your password are required for changing users. This deeply disturbs me, as most of my password are 20 chars or longer.

But I can `su` to any one of my users with as little as 8 characters, including root.



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: alys on Oct 01, '04 04:53:43PM

$o#he#-$u%#in& heck! This is correct; only the first 8 characters of my 17-character root password are necessary when I use su to become the root user. This is not good! A unix sysadmin friend of mine says that this is a known problem amongst some Unixes, although it's not as common now as it was a couple of years ago.

When using sudo, the full password must be entered, not just the first 8 characters, so I guess this is another reason to always use sudo and never enable the root user account.



[ Reply to This | # ]
More then 8 characters
Authored by: yellow on Oct 14, '04 08:30:46PM

As noted, this is a UNIX failing. However, Panther took care of this failing in Jaguar (and pre-jaguar). If you're running Panther (and upgraded from Panther), all you have to do is change your current password(s) and you will forever be free of the 8 character limit. The limit in Panther is significantly higher.



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: Chiwo on Sep 27, '04 12:41:33PM
I don't bother to make my passwords memorable. I use the Mac OS keychain to remember my passwords for me. For passwords on the web, I generate a large random hexadecimal number using this command
hexdump -n 16 -e '16/1 "%02X" "\n"' /dev/random
I back up regularly so that my keychain is safe, but even then web sites let you reset your password without much hassle.

[ Reply to This | # ]
more command-line quickies
Authored by: FACEMILK on Sep 29, '04 04:23:44AM
I love that one. Already added to my collection.

Here are some that I created a while back; excerpted from my .bash_profile:

function rand-pass
{
        # this one strips iffy chars from output
        jot -r -c 64 32 128 | rs -g 0 16 | tr -d "\ \`\'\"\~\<\>\[\]\(\)\{\}\.\,\:\;\?\@\\\/\|"
}


function rand-file
{
        # this one strips all but alphanumeric chars from output
        jot -r -c 64 32 128 | tr -cd "[:alnum:]" | rs 0 16
}

All of these are far from easy to remember though.

[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: segdeha on Jul 14, '05 11:02:13AM

I created a Dashboard widget (the generally well received Make-A-Pass) that has similar functionality to what's being discussed here. It lets you generate passwords between 4 and 64 characters in length with the following options:

  • Include uppercase letters
  • Include lowercase letters
  • Include numbers
  • Include punctuation
  • Exclude similar characters

    --alternately--

  • Make pronounceable (FIPS 181) passwords

Now that I'm aware of Password Assistant, I'd prefer to tap that directly within my widget. Does anyone know if there is a command-line interface to Password Assistant?

Thanks!
-Andrew



[ Reply to This | # ]
Generate strong yet memorable passwords
Authored by: JKT on Sep 07, '05 02:01:40PM

Important update for 10.4 - you musn't use "high" ASCII characters in your password (those achieved by pressing the option key with the alphanumerics) as this will lead to a BSOD:

http://docs.info.apple.com/article.html?artnum=302231%22

---
PB G4, 1.5 GHz, 2x512MB RAM, 128MB VRAM, 80 GB 5400rpm HD, SuperDrive, MacOS X 10.4.2

Visit www.thelandgallery.com for nature-inspired British Art



[ Reply to This | # ]