This generates the password on a server you don't control.
I recommend not using it.
Using 'tr -dc A-Za-z0-9 < /dev/urandom | head -c $length' is more secure and available on your linux or osx machine even more easily than waiting a second for a server to run some java off in a magic black box.
You can also try indexing into /usr/share/dict/words for a correcthorsebatterystaple-style password. I'm sure there's a cute on-liner, I did it in Python because that took a lot less time than all the man page searching how to do it with Unix text processing tools would have taken.
Yes, it would be better to remember random characters of the same length. But most people don't. I personally have one password I use to sign into 1password and a small other set of critical services, and longer random passwords for everything else. I personally don't worry about nation state adversaries so I can make myself less vulnerable to mass automated attacks and targeted attacks by non-experts. It's important to remember not to let perfect be the enemy of the good, and important not to discount the cost of DOSing yourself. I reduced my security after I lost access to something of value.
If you get "tr: Illegal byte sequence" you can prepend 'LC_ALL=C ' before the 'tr' to prevent tr from trying to treat the stream as a unicode sequence.
This isn't a great site or anything and you're right that password should be generated client-side. But not everyone is one Linux or Mac and sometimes it's just easier to Google "password generator" than remembering that command.
I created something similar ~2 decades ago in perl. It would spit out a long list of passwords in text format so you could chose one without the server knowing what you chose.
That's a nice idea! I just created this password generator for fun like other utilities in java but I don't know just this one generated so many interest. You can see the source code using the button to the bottom right (the one that has 1's and 0's)
Thanks for all the nice comments that are intended with good karma. What other feature can I add to this password generator that is useful? I agree that using linux is more secure but for passwords that are not as important I think this tool works fine, also you don't need to remember a big line of code and you can execute it on your mobile phone
It seems surprisingly complicated. Why is there a “start” and “stop” button? Why does it take so long for it to generate a random string? Why is there a “console” that just seems to show the page template?
TheDong|6 years ago
I recommend not using it.
Using 'tr -dc A-Za-z0-9 < /dev/urandom | head -c $length' is more secure and available on your linux or osx machine even more easily than waiting a second for a server to run some java off in a magic black box.
iudqnolq|6 years ago
Yes, it would be better to remember random characters of the same length. But most people don't. I personally have one password I use to sign into 1password and a small other set of critical services, and longer random passwords for everything else. I personally don't worry about nation state adversaries so I can make myself less vulnerable to mass automated attacks and targeted attacks by non-experts. It's important to remember not to let perfect be the enemy of the good, and important not to discount the cost of DOSing yourself. I reduced my security after I lost access to something of value.
archgoon|6 years ago
unknown|6 years ago
[deleted]
aarreedd|6 years ago
Your comment reminds me of the infamous Dropbox comment: https://news.ycombinator.com/item?id=9224
SomewhatLikely|6 years ago
oeuviz|6 years ago
Today, keepass does the job just fine.
oefrha|6 years ago
dbremmen|6 years ago
ozgrozer|6 years ago
dbremmen|6 years ago
tobr|6 years ago
known|6 years ago
</dev/urandom tr -dc 23456789~*@#$%_+-=qwertQWERTasdfgASDFGzxcvbZXCVB | head -c13; echo ""