Password generator:

A password is a string of characters or a word that ensures user authentication. According to historical data, the first prototypes of passwords appeared in the Roman Empire in ancient times. Polybius, an ancient Greek historian, referred to wooden tablets with a watchword written on them used by the military. In case of computers, passwords have been used since 1961. During the same period, the first attempts to crack them were recorded. For example, Robert Morris offered to hash passwords for Unix operating systems. Now passwords are widely used. Given the beginning of web 2.0 era, when numerous websites have personal cabinets or directly provide access to a mass of personal data, authentication has become a must. So some web services offer user password generators right on their sites. Usually, authorization is made with the combination of a login/phone number/email and a password.

Currently, many websites have certain requirements for the selected password. For example, it must have a minimum of 6 characters with at least one digit. Such format is chosen for a reason, since the shorter a password, the more easily it can be found out automatically. The use of many numbers, special characters, and letters in different registers will give attackers really hard times. Don’t use popular simple passwords like “admin”, “1111”, “birth date” or “name_birth date”.

Hence, you should use automatic password generators. They will allow you to pick a reliable string of characters in a simple and quick way. Such programs work based on either a certain built-in formula or user-entered data. In the first case, a password generator provides a result using its internal algorithm, which doesn’t depend on user’s actions. In the second case, you can, for example, set a number of characters, the use of both registers, and indicate which characters to use (their type or a specific list). All password generators pick random characters, therefore, the passwords they create are more reliable than existing words or phrases.

Password Cracking Methods

Basically, there are two approaches to password cracking – cyclic entering of different passwords and hash analysis. In the first method, different variants of a password are successively entered into a system. An attacker hopes that one of them will match yours. The second case involves hash processing, which is usually made by other methods, for example, data interception.

The time needed to pick the correct password varies greatly depending on the type of access, the use of a captcha, blocking after a certain number of attempts, 2-step authentication etc. It also depends a lot on the length and complexity of a password and the hardware used for hacking. With the development of computer technology, password cracking has considerably speeded up. Now graphics processing units (GPUs) are used as they can produce much more combinations in less time than a CPU. One of the machines that beat password search record was the specifically developed "DeepCrack", which could generate up to 90 billion keys per second. Interestingly, such machines are tested with special password generators created for that.

The main methods of password cracking:

  • Brute-force attack. All possible combinations are gradually tested. This method is usually used after the alternative methods gave no results, as it is the most time-consuming.
  • Dictionary attack.Words from various dictionaries are tested. It allows guessing passwords that include difficult academic words.
  • Mask attack. A method opposite to the one used in password generators. An algorithm (mask) is created and serves as a basis for picking characters. Regular expressions are quite often used as such algorithm.

With our password generator, you will be able to quickly and easily create a really reliable password. The algorithm is JavaScript based so it can be executed directly in a browser. Spending a minute to create a secure password using the automatic password generator is better than regretting the broken account later.

Tips and Best Practices:

  1. Try not to share your passwords with third parties. Bank employees, site administrators etc don’t need your password whereas people who ask for it in many cases are crooks.
  2. It is not recommended to use the same password for various important accounts, especially if they are associated with the same mail.
  3. Do not use names or surnames of your friends and relatives, pets’ names etc.
  4. Do not sign in to important accounts on other users’ computers or through public WI-FI and free VPNs. This also can be dangerous due to the increased risk of data interception.
  5. Do not use words from dictionaries as your passwords, even if they are long and difficult. With a dictionary-based automatic search of passwords, attackers will quite quickly detect such passwords.
  6. If you have one password to multiple accounts, do not enter it on web resources you don’t trust.
  7. Check whether the website you are going to sign in has the encrypted HTTPS connection. This will reduce the risk of the interception and decryption of your data.
  8. If you receive an email from an unknown service which asks you to enter your login/password, double check which resource wants this data. There was a case when some Gmail users got an email informing that their accounts would be blocked if they didn’t verify them. To do that, they had to log in to a site which was very similar to Gmail authentication page and had the same domain. As the result, a part of trustful users was hacked.
  9. Regularly change passwords of your accounts.
  10. Use password generators to considerably complicate the cracking process.
Articles from the blog