ansaurus

Question

Generating Random Passwords

Answer 1

+4 A:

This is a lot larger, but I think it looks a little more comprehensive: http://www.obviex.com/Samples/Password.aspx

Geoffrey Chetwood 2008-09-10 18:47:24

It turns out that there is support for this by the framework. So I am accepting that answer rather!

FryHard 2008-09-11 04:20:24

Answer 2

A:

I would say that method is as good as any other. It's short and does the job. There's an extremely low chance of a duplicate (substrings of GUIDs are not guaranteed to be unique) so maybe you want to start from somewhere in the middle instead of the beginning. You may also want to remove the dashes from the string with ToString("N").

John Sheehan 2008-09-10 18:47:39

Just give them a complete GUID -- they forgot their password, so make them type in "{92233c28-5cd4-4100-b6d9-3471256ce1ca}" a few times!

Danimal 2008-09-10 18:50:36

I have to admit that I have been close doing this many times. Punishment will prevent them from looking the password in future. ;)

FryHard 2008-09-10 19:10:01

Answer 3

+15 A:

public string CreatePassword(int length)
        {
            string valid = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
            string res = "";
            Random rnd = new Random();
            while (0 < length--)
                res += valid[rnd.Next(valid.Length)];
            return res;
        }

This has a good benefit of being able to choose from a list of available characters for the generated password (ie. digits only, only uppercase or only lowercase etc.)

Radu094 2008-09-10 18:47:55

this method (base 62) is superior than the GUID(base 16) on strength: an 8-char hex string is equivalent to a 4-5 char alphanumeric one

Jimmy 2008-09-10 18:51:22

Answer 4

+5 A:

For this sort of password, I tend to use a system that's likely to generate more easily "used" passwords. Short, often made up of pronouncable fragments and a few numbers, and with no intercharacter ambiguity (is that a 0 or an O? A 1 or an I?). Something like

string[] words = { 'bur', 'ler', 'meh', 'ree' };
string word = "";

Random rnd = new Random();
for (i = 0; i < 3; i++)
   word += words[rnd.Next(words.length)]

int numbCount = rnd.Next(4);
for (i = 0; i < numbCount; i++)
  word += (2 + rnd.Next(7)).ToString();

return word;

(Typed right into the browser, so use only as guidelines. Also, add more words).

Adam Wright 2008-09-10 18:53:56

Answer 5

+1 A:

I like to look at generating passwords, just like generating software keys. You should choose from an array of characters that follow a good practice. Take what @Radu094 answered with and modify it to follow good practice. Don't put every single letter in the character array. Some letters are harder to say or understand over the phone.

You should also consider using a checksum on the password that was generated to make sure that it was generated by you. A good way of accomplishing this is to use the LUHN algorithm.

Dale Ragan 2008-09-10 18:54:37

Answer 6

A:

Awesome! Knew you guys could help. I made use of @Rich B suggestion, but have removed the unwanted special characters since they are probably a little hectic for my user base!

Thanks for the help!

FryHard 2008-09-10 19:02:50

Can you mark me as the solution? I could sure use the points!

Geoffrey Chetwood 2008-09-10 19:05:23

Done, Internet on this side of the world is SLOW!

FryHard 2008-09-10 19:08:53

Answer 7

+32 A:

there's always System.Web.Security.Membership.GeneratePassword(int length, int numberOfNonAlphanumericCharacters)

Rik 2008-09-10 22:44:45

Didn't know that the Framework has such a method! Awesome! Will swap out my current code for this!

FryHard 2008-09-11 04:19:28

I found it after spending almost a day perfecting my own pw gen code. Image how I felt ;)

Rik 2008-09-13 15:51:00

AFAIK this method does not generate a password complying to a password policy on the domain so it's not suitable for every usage.

teebot.be 2010-04-14 14:05:40

ansaurus

tags:

views:

answers:

Generating Random Passwords

related questions