| PasswordAttendant includes a password generator and a password strength calculator that can
assist you in creating secure passwords. PasswordAttendant allows you to define a password mask (a string of characters that describe how your
passwords look) that is used by the generator to create random passwords. Used in conjunction with the strength calculator,
you can rest easy knowing that the passwords created by PasswordAttendant have a high probability of withstanding brute force attacks.(1)
The password mask defines the types of characters that will be used by the generator when it creates a new password.
The table below shows the mask characters and the types of data used:
| Mask |
Character type |
| A |
Uppercase letters (A,B,C,D...X,Y,Z) |
| a |
Lowercase letters (a,b,c,d...x,y,z) |
| # |
Numeric digits (0,1,2,3...8,9) |
| & |
Alpha-numeric characters (A,B,C,D...X,Y,Z,a,b,c,d...x,y,z,0,1,2,3...8,9) |
| @ |
Special (`~!?@#$%^&*()-_=+[]\|/{};:'",.<>) |
| * |
Random (Any uppercase, lowercase, digit, or special character) |
| \ |
Literal indicator - Indicates that the next character in the mask is literal |
One other feature of the password generator is that you can insert any character in any position in your password in addition to the
predefined types above. For example, you might want all your passwords to begin with the two letter prefix "OM". To accomplish this, simply include the desired characters in the appropriate location in the mask. To use one of the six designators in the password, insert a slash in front of that character. Double slashes will produce a single slash.
Here are some examples:
| Password mask |
Generated password |
| A@a&&&@***&**@@ |
O?ie9G'a%MLQQ$} |
| @OneMeg##*& |
+OneMeg70>a |
| \@\\AAAAA#aa&&& |
@\MJASQ5ehm92 |
| drowss\aP_\#### |
drowssaP_#824 |
Password strength...
Just how secure are the passwords you use? Are they long enough? How long will it take to crack them? Using the the
PasswordAttendant strength calculator, you can remove the guess work and see how strong your passwords are and discover
weaknesses.
Let's examine a true life scenario. A certain on-line bank requires a password and allows only alpha-numeric characters in the
password. They also require a minimum length of 6 characters and allow up to 15 characters. They recommend at least 8
characters. So, is 6 characters long enough? How about 8? What length should you really use?
The following table shows the number of possible combinations for each password size. It also shows the average time it would take to crack the
password using a system that can test 100 million passwords per second.
| Password Length |
Combinations |
Time to Crack |
| 6 |
56,800,235,584 |
4.73 |
minutes |
| 8 |
218,340,105,584,896 |
12.64 |
days |
| 12 |
3,226,266,762,397,900,000,000 |
511,521.24 |
years |
| 14 |
12,401,769,434,657,500,000,000,000 |
1,966,287,645.02 |
years |
As you can see, the recommended 8 characters is not strong enough! You will probably want to use at least 12 characters
and maybe even 14 or 15. Using the data returned by the strength calculator, you can now make the appropriate decision on the make up and
length of your passwords. Don't risk your data or money with weak passwords! Get PasswordAttendant today! |
