Most of you might have come across need for creating a random password for the users. I prefer using passwords that are generated completely random, containing a-zA-Z0-9 and some special characters, making them tough to guess. However, thinking from the user\u00e2\u20ac\u2122s perspective those passwords are really hard to remember. So, if you want to leverage complexity of the passwords for making them easy to remember then here is what I have used.<\/p>\n
The key concept behind my algorithm is, a set of letters (like Alex) forming a meaningful name is easy to remember than a set of letters (like 6ZuK3s) that makes no sense. I compiled a table with Given Names pulled from sparkleware<\/a>. To generate a random password, I pick a random given name and pull out only first 6 characters from it. Then I create a random set of special characters and set of random hex digits from NewID, UUID\/GUID. The random given-name part, special chars part, hex digits part all together frame a random password. This is makes password not only easy to remember, compared to completely randomized text, but also somewhat tough to predict them as well.<\/p>\n Please note that this technique might generate passwords that can be predicted using dictionary attack<\/a>, if considerable precautions were not taken. If your application’s password needs to highly secure then, I suggest you follow completely randomized text generation as detailed in here<\/a>, <\/p>\n – Shyam K. Arjarapu<\/p>\n","protected":false},"excerpt":{"rendered":" Most of you might have come across need for creating a random password for the users. I prefer using passwords that are generated completely random, containing a-zA-Z0-9 and some special characters, making them tough to guess. However, thinking from the … Continue reading \r\nALTER FUNCTION dbo.udf_generate_password(@newid VARCHAR(50), @rand REAL) RETURNS VARCHAR(100)\r\nAS\r\nBEGIN\r\n--****************************************************\r\n-- FUNCTION: DBO.UDF_GENERATE_PASSWOR\r\n-- AUTHOR: SHYAM K. ARJARAPU\r\n-- PARAMETER: @NEWID = NEWID() A UUID\/GUID\/NEWGUID\r\n--\t @RAND = RAND() \r\n-- REASON: STUPID SQL SERVER DOES NOT ALLOW NON-\r\n-- DETERMINISTIC FUNCTIONS RAND(), GETDATE(), NEWID() \r\n-- INSIDE THE FUNCTIONS.\r\n-- DESCRIPTION: THOUGH RANDOM PASSWORDS ARE SECURE, THEY\r\n-- ARE HARD TO REMEMBER. USERS CAN EASILY REMEMBER \r\n-- GROUP OF LETTERS FORMING A WORD. THE TABLE \r\n-- DBO.TB_PASSWORD_DICTIONARY CONTAINS SET OF FIRST NAMES\r\n-- FROM WHICH A RANDOM NAME IS SELECTED AND A SPECIAL\r\n-- CHARACTER WITH RANDOM STRING IS APPENDED TO MAKE THE\r\n-- PASSWORD NOT ONLY SECURE BUT ALSO ITS EASY TO REMEMBER \r\n-- USAGE: \r\n-- SELECT dbo.udf_generate_password(NEWID(), RAND())\r\n--*****************************************************\r\n\tDECLARE @randPassword VARCHAR(100)\r\n\tDECLARE @randNewID VARCHAR(10)\r\n\tDECLARE @randFirstName VARCHAR(6)\r\n\tDECLARE @randSpecialChar VARCHAR(2)\r\n\tDECLARE @maxID INT\r\n\tDECLARE @CONST_FN_LEN TINYINT\r\n\tDECLARE @CONST_NID_LEN TINYINT\r\n\tDECLARE @CONST_SPL_LEN TINYINT\r\n\tDECLARE @CONST_SPL_CHARS VARCHAR(15)\r\n\r\n\t--DEFINE THE REQUIRED LENGTHS & SPECIAL CHARS\r\n\tSET @CONST_FN_LEN = 6\r\n\tSET @CONST_NID_LEN = 4\r\n\tSET @CONST_SPL_LEN = 2\r\n\tSET @CONST_SPL_CHARS = '@#$^*;,._!'\r\n\r\n\t--FRAME THE RANDOM TEXT PART\r\n\tSELECT @randNewID = LEFT(@newid, @CONST_NID_LEN)\r\n\r\n\tSELECT @maxID = MAX([KEY_ID]) \r\n\t FROM dbo.tb_password_dictionary -- Contains KEY_ID Identity(1,1), [Value] Varchar. All the given-names goes here\r\n\r\n\t--FRAME RANDOM FIRST NAME PART\r\n\tSELECT @randFirstName = LEFT([VALUE], @CONST_FN_LEN)\r\n\t FROM dbo.tb_password_dictionary \r\n\t WHERE [KEY_ID] = CONVERT(INT, @rand *@maxID) + 1\r\n\r\n\tSET @randSpecialChar = ''\r\n\r\n\t--FRAME THE SPECIAL CHARTS PART\r\n\tWHILE( @CONST_SPL_LEN <> 0)\r\n\tBEGIN\r\n\t\tSET @randSpecialChar = @randSpecialChar + \r\n\t\t\tSUBSTRING(@CONST_SPL_CHARS, CONVERT(INT, @rand * LEN(@CONST_SPL_CHARS)) + 1, 1) \r\n\t\tSET @rand = @rand * @rand\r\n\t\tSET @CONST_SPL_LEN = @CONST_SPL_LEN - 1\r\n\tEND \r\n\t\r\n\t--FRAME THE PASSWORD ALTOGETHER\r\n\tSET @randPassword = @randFirstName + @randSpecialChar + @randNewID\r\n\tRETURN @randPassword\r\nEND\r\n<\/pre>\n