Thursday, December 14, 2006

Generate Passwords

A free but high-powered password generator

You're reading Windows Secrets, so it's a good bet that you already know the importance of having good passwords. Or, to put it the other way around: You know that using a simple, easy-to-guess password is like leaving your spare house key under the doormat. It won't fool anyone who wants in.

I've recently run across a couple of new (and free) online password services that you may find useful.

1. PassNerd. I can only give a limited thumbs up to PassNerd. Every time you load the PassNerd home page, the site generates a new password for you. You can select simple or complex passwords (complex is better) in lengths up to 64 characters (longer is better).

The site is easy to use and the passwords appear to be quite random, but other parts of the site give me pause. The Tips section, for example, recommends "alphabet math" and "keyboard transposition" as good ways to generate your own passwords.

Both these techniques are relatively low-security, because the common substitutions of numerals for letters are now built into modern cracking tools. They are emphatically not strong ways to produce passwords! (For more info, see "Looks Strong, But Don't Be Fooled!" from the 2005-06-23 issue of the LangaList.)

2. Perfect Passwords. By contrast, I can give an unequivocal recommendation to Steve Gibson's Perfect Passwords. You can see why as soon as you read the background information on that page.

In particular, Steve's use of SSL encryption to deliver the generated passwords to you helps ensure that you and you alone will see the results, and that the results will be cache-resistant. (In fact, in most systems, the pages won't be cached at all.)


By default, Steve's page produces passwords of 63 and 64 characters. If you need a longer password, you can splice several of the 63-character passwords together. If you want a shorter password, you can copy only the number of characters you need. (While you're on the site, check out Steve's list of other free tools, too.)

If you don't need extremely long passwords that would survive weeks of brute-force attack by a supercomputer, you might prefer to use a "passphrase" technique. This allows you to create easy-to-remember passwords that are strong and as short or as long as you wish. For details, see my InformationWeek article entitled "How To Build Better Passwords."
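The points above about random generation, shortening a generated password, and letter-for-numeral substitutions can be checked locally. The following Python sketch is an added example, not code from this article or from either site. The 94-character alphabet, the substitution table, the sample wordlist and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed alphabet for this example: the 94 printable ASCII characters.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Common numeral/symbol-for-letter swaps, undone the way a strength checker would.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Constructed sample wordlist; a real check would load a full dictionary.
WORDLIST = {"password", "letmein", "welcome", "dragon", "sunshine"}


def generate(length=63, alphabet=ALPHABET):
    """Return a password whose characters are drawn from the OS CSPRNG."""
    if length < 1:
        raise ValueError("length must be at least 1")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def is_disguised_word(candidate, wordlist=WORDLIST):
    """True if undoing substitutions (and dropping trailing digits) gives a listed word."""
    lowered = candidate.lower()
    forms = (lowered.translate(LEET),
             lowered.rstrip(string.digits).translate(LEET))
    return any(form in wordlist for form in forms)


if __name__ == "__main__":
    full = generate(63)
    short = full[:20]  # copying only the characters you need
    print(f"63 chars: {entropy_bits(63):.0f} bits, 20 chars: {entropy_bits(20):.0f} bits")
    print(short)
    for pw in ("P@ssw0rd1", "l3tm31n", short):
        print(pw, "-> disguised dictionary word:", is_disguised_word(pw))
```

Shortening a random password costs about 6.55 bits per character dropped, while a substituted dictionary word reduces to a plain wordlist entry however many symbols it appears to contain.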