Passwords

Now for something really random — Jim Swift, January 24, 2024

By now, you should know the rules for passwords:
• They should be long.
• They should be complex.
• They should contain letters, numbers & symbols.
• They should be changed frequently.
• They should not be reused on different sites.
• They should not be written down.

Are you going to keep all these rules? No, no you are not. Because you're human, and a human being can't possibly keep these rules.

The real question, then, is which rule are you going to break? The least bad option may be to break the last one. At least when that one's violated, Ecaudorian hackers can't deduce your passwords without sending an agent to physically break into your residence and steal them. Just don't flash your information (or anything else) in front of your computer's camera. Also, don't write down your passwords at work, because they will likely fire you.

To help the cause, here is a Linux Bash script to generate a random password, including letters (both cases), numbers & symbols. It pulls random numbers from a site called random.org, since computers are not good at generating truly random numbers. It requires the "curl" package; install if necessary.

Example usage:
chmod u+rx password.sh ./password.sh 16

#! /bin/bash # Generate a random password, including symbols. # Arguments: size # Author: Jim Swift # # Obtains & uses random numbers from random.org if [ $# -eq 0 ]; then echo "Usage: ${0##*/} SIZE" >&2 exit 1 fi size=$1 extra=10 # Request from the Integer Generator, numbers between 1 and 94 (inclusive), grabbing some extra. # Add 32, to arrive at values between 33 (!) and 126 (~). # Print as corresponding ASCII characters. # Shuffle locally and truncate so the folks at random.org can't interpret our password. # Squeeze out line ending characters and present the result. url="https://www.random.org/integers/?num=$((size + extra))&min=1&max=94&col=1&base=10&format=plain&rnd=new" script='{ printf "%c\n", $0 + 32 }' curl -s "$url" | awk "$script" | shuf -n $size | tr -c -d '!-~' echo exit 0

For some strange reason, some web sites restrict which symbols they allow to be in a password, and they may or may not tell you which ones they're grumpy about. An easy solution is just to run the script again until you get a password it likes. Likewise if it complains about an insufficient quantity of letters or numbers.

Here's the Windows PowerShell version.

Example usage:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser .\password.ps1 16

# Generate a random password, including symbols. # Arguments: size # Author: Jim Swift # # Obtains & uses random numbers from random.org param ( [int] $size ) if ( $size -le 0 ) { $script = $MyInvocation.MyCommand.Name "Usage: $script SIZE" exit 1 } $extra = 10 # Request from the Integer Generator, numbers between 1 and 94 (inclusive), grabbing some extra. # Shuffle locally and truncate so the folks at random.org can't interpret our password. # Add 32, to arrive at values between 33 (!) and 126 (~). # Print as corresponding ASCII characters. # Squeeze out line ending characters and present the result. $url="https://www.random.org/integers/?num=$($size + $extra)&min=1&max=94&col=1&base=10&format=plain&rnd=new" $result = Invoke-WebRequest -Uri $url $result = -split $result.Content | Get-Random -Count $size | foreach { [char] ([int] $_ + 32) } -join $result exit 0

Home Rules Play! Tactics Notes Contact

Written The Book Various & Sundry