Generate a Page of Random Passwords with Javascript

The attached HTML page is a password generator that creates a page of random 10-character passwords. It helps you manage one password per website, so a password leaked for one site doesn’t get used on other sites. To use it, click and view the file.

You can also download it and use it – it’s all done with Javascript so there’s nothing that requires the server.

To use it, just keep the printed page in a safe place. Make a copy and store it in a fireproof safe or safe deposit box. As you use each password, make a note of the site. You may not want to use the full site URL. It doesn’t matter. You might even try to obfuscate the site name or use an abbreviation. You have three blank columns so you can put in some fake data in there to add chaff, which is junk data meant to mislead someone who gets this paper.

You can also do tricks, like ignore one letter in the password. So you have 9 character passwords instead of 10 character passwords. If the password list is lost or stolen, the guesser would have to guess which character is being dropped from the actual password.

You can transform: perhaps the first character is reduced by 1, so B becomes A, 8 becomes 7, etc. You can transpose – the first two characters can be swapped, so 1} becomes }1.

Every year or so, you can change your passwords and clean up your lists (doing things like alphabetizing them. You might keep the old lists as “decoys”. Repeated failed logons will cause some sites to lock out the account. This is another kind of chaffing, where you “fluff up the haystack” and hide your needle in it.

The real password and url is discoverable, but it should be hard for someone to figure out.

See also: http://en.wikipedia.org/wiki/Password_strength#Creating_and_handling_passwords.

Attachment Size
randompasslist.html 1.22 KB