corenominal

Full stack web developer, interested in all the things, but especially the web, code, design, Linux, OS X, PHP, WordPress, JavaScript & robots.

Tagged: passwords

About pwgenWEB Password Generator

Back in August, I created pwgenGUI, a little Python front-end to pwgen. Today, I had a day off work, so I created pwgenWEB, a little web front-end to pwgen.

To be honest, there isn’t anything special about this password generator; in fact, I’d probably recommend that you don’t use it. That said, it was fun to build and it has helped me test out a few things, including my newly designed WordPress theme.

For anyone who might be interested, the tool uses a custom WordPress REST API endpoint to call pwgen with the arguments passed via an AJAX call.

I’ve tried to include feature parity with the desktop app, namely:

  • Configurable options, including character length and the inclusion of uppercase, numeric and special characters.
  • Saves settings across sessions, enabling you to use the same password policy (handled by js-cookie).
  • 1-click password generation — generates a password on page load.
  • Easily copy passwords to clipboard (handled by clipboard.js).

Anyhow, feel free to use it, or not. Or, if you’re looking for something that’s a little more fun, try something like Passweird.
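An endpoint like the one described above hands request parameters to a command-line program, so every argument has to be validated before it reaches pwgen. One way to write such a route, as an added example that is not pwgenWEB's actual code: the route namespace, parameter names, function name and the `/usr/bin/pwgen` path are assumptions, and the array form of `proc_open` needs PHP 7.4 or later.

```php
<?php
// Added example. Route, parameter and function names and the pwgen path are assumptions.
add_action( 'rest_api_init', function () {
    register_rest_route( 'pwgen-example/v1', '/password', array(
        'methods'             => 'GET',
        'callback'            => 'pwgen_example_generate',
        'permission_callback' => '__return_true', // public tool, no login required
        'args'                => array(
            'length'  => array( 'type' => 'integer', 'default' => 16 ),
            'upper'   => array( 'type' => 'boolean', 'default' => true ),
            'numeric' => array( 'type' => 'boolean', 'default' => true ),
            'special' => array( 'type' => 'boolean', 'default' => false ),
        ),
    ) );
} );

function pwgen_example_generate( WP_REST_Request $request ) {
    // Accept length only as an integer in a fixed range; reject everything else.
    $length = filter_var( $request->get_param( 'length' ), FILTER_VALIDATE_INT,
        array( 'options' => array( 'min_range' => 8, 'max_range' => 64 ) ) );
    if ( false === $length ) {
        return new WP_Error( 'invalid_length', 'length must be an integer from 8 to 64.',
            array( 'status' => 400 ) );
    }

    // Each boolean selects a fixed pwgen flag, so request text never becomes an option.
    $argv = array( '/usr/bin/pwgen', '-s', '-1' );
    $argv[] = rest_sanitize_boolean( $request->get_param( 'upper' ) ) ? '-c' : '-A';
    $argv[] = rest_sanitize_boolean( $request->get_param( 'numeric' ) ) ? '-n' : '-0';
    if ( rest_sanitize_boolean( $request->get_param( 'special' ) ) ) {
        $argv[] = '-y';
    }
    array_push( $argv, (string) $length, '1' ); // pw_length, num_pw

    // Array-form proc_open (PHP 7.4+) runs pwgen directly: no shell parses the arguments.
    $proc = proc_open( $argv, array( 1 => array( 'pipe', 'w' ) ), $pipes );
    if ( ! is_resource( $proc ) ) {
        return new WP_Error( 'pwgen_failed', 'Could not start pwgen.', array( 'status' => 500 ) );
    }
    $password = trim( stream_get_contents( $pipes[1] ) );
    fclose( $pipes[1] );
    if ( 0 !== proc_close( $proc ) || '' === $password ) {
        return new WP_Error( 'pwgen_failed', 'pwgen returned no password.', array( 'status' => 500 ) );
    }

    $response = rest_ensure_response( array( 'password' => $password ) );
    $response->header( 'Cache-Control', 'no-store' ); // keep the password out of caches
    return $response;
}
```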

About pwgenGUI

At work, I often have to create new passwords for users. It’s not terribly difficult to do and I usually open my browser, navigate to one of the many password generating sites and grab a new password. Easy, but then I thought to myself, could it be even easier? I mean, I really should be able to do this with just 1 click of the mouse.

So, the other night, I created a little Python+GTK GUI application to do just that. pwgenGUI is basically a front-end for pwgen, a command line tool for generating passwords. I’m not sure if anyone else will find it useful, but I’ve packaged the application for Ubuntu and installation instructions can be found here.

360 million reasons to destroy all passwords

If you think about this for a moment, you’ll realize that your password does not actually matter. The only thing that matters is that you have access to the email address that’s associated with your account.

Thanks to the password reset functionality that every website uses, every website already supports passwordless login — they just don’t call it that.

I’m not sure that password reset systems are as convenient as just entering a password, but maybe that’s the point. The widespread use of passwordless login systems would certainly reduce the problem of users who opt for lazy passwords, such as “password1”, “password2” etc. That said, if the same users were to continue using lazy passwords for their email, they’d still be screwed.

Passwords suck.

Want Safer Passwords? Don’t Change Them So Often

Okay, all of you IT managers, it’s time we had a talk.

I know you mean well. I know you think you’re helping. But when you demand that your co-workers’ passwords change as frequently as the seasons, you’re not just driving them bonkers, you’re actively making your systems less secure.

I think many of us have known this for a very long time; still, it’s nice to know that science has our backs.

Introduction to hashing passwords in PHP (5.5+)

The methods considered secure a few years ago are now obsolete/insecure due to ever-increasing computing power and advanced techniques. And unless you are well versed in the area of cryptography and security, it is never a good idea to roll your own security mechanisms.

It’s been a while since I needed to hash any passwords with PHP (I’ve been working on an Intranet with Active Directory authentication for the past few years), so I went looking for a best practice guide and found this. Seems like good advice to use PHP’s built-in functions.