Generate a random password
Posted Thursday, September 25, 2008 5:01 PM


SSChasing Mays

Comments posted to this topic are about the item Generate a random password

Gaby
________________________________________________________________
"In theory, theory and practice are the same. In practice, they are not."
- Albert Einstein
Post #576463
Posted Thursday, November 13, 2008 8:11 AM
SSC-Addicted

Nice!

There also might be confusion between letter "G" and number 6...
Post #602151
Posted Thursday, November 13, 2008 8:40 AM
SSCrazy

The password generator does a nice job, but while testing the code in QA, I noted that the proc does seem to return an "abundant" number of 'repeats' in any given password. In some generated passwords, I count up to three pairs of the same letters or characters. Can this be considered acceptable for 10 character passwords?
Post #602187
Posted Thursday, November 13, 2008 8:44 AM
SSC-Addicted

Whoops...

I did not try to run and test the code.

Thanks for doing this. Very useful.
Post #602190
Posted Thursday, November 13, 2008 9:41 AM
SSC-Addicted

Works great and I actually needed something like this today! Thanks!


 
Post #602234
Posted Thursday, November 13, 2008 12:24 PM


SSC-Dedicated

Pretty nice, Gaby... your article and some of the comments above gave me a couple of ideas for an article with just a pot-wad of tricks in it... Ok if I reference your article?

--Jeff Moden
"RBAR is pronounced "ree-bar" and is a "Modenism" for "Row-By-Agonizing-Row".

First step towards the paradigm shift of writing Set Based code:
Stop thinking about what you want to do to a row... think, instead, of what you want to do to a column."

(play on words) "Just because you CAN do something in T-SQL, doesn't mean you SHOULDN'T." --22 Aug 2013

Post #602316
Posted Thursday, November 13, 2008 12:33 PM
SSC-Addicted

One additional thing I'd like to see is the ability to force at least one number and/or one special character.

 
Post #602321
Posted Friday, November 14, 2008 8:09 AM
Ten Centuries

No knock on the script, but I question the value of truly random passwords.

I think I have a pretty good memory. I have my credit card number memorized (okay - maybe that's a bad thing). For passwords I think there should be some sensible pattern.

I tend to build passwords (at least 9 char) using the user's initials mixed-up, or a misspelling of their name with odd capitalization. I usually include part of their phone number, and/or birth date, and I always include a special character or two. The point is that it's something that forms a memorable pattern to the user. I think I can do this and still maintain a high level of security.



Post #602792
Posted Friday, November 14, 2008 9:14 AM
SSC-Addicted

RML51:

Unless you will not allow the users to change their password to one of their own liking -- for instance banks DO allow users to change their PIN number and others do supply a password intended to be changed by the user, then I do not see the point in enforcing a pattern to help the users to remember their password.

If you were to allow users to change password, you could implement instead a password validation routine that would filter out the most commonly used passwords such as "Rolex", "guest", "admin", "sysadmin", etc. Specify a minimum length, force the use of special characters like !, $, {, }, etc. and a non-zero count of upper and lower case alphabetic characters.

You could also set a maximum length and ban the use of the : character. Would help (no guarantees) reject injection attacks and scripts if you have poorly written applications.

The pattern enforcement scheme would be intended at rejecting non-compliant user-entered passwords instead of helping users to remember a password.

And even if you did supply a pattern, if it contains random characters, this would not help the users. Some of them out there really have a hard time with spotting patterns. If they can't remember a password, I would not bank too much on them remembering a pattern either.
Post #602874
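
The validation routine described in the post above (together with the digit requirement asked for in Post #602321), written in T-SQL as an added example that is not code from the thread or from the article. The function name `dbo.ufn_PasswordPolicyFailure`, the thresholds in the sample call and the sample passwords are assumptions; the deny list uses the post's own examples.

```sql
-- Added example; dbo.ufn_PasswordPolicyFailure and the thresholds are hypothetical.
-- Returns NULL when the password passes, otherwise the first rule it breaks.
CREATE FUNCTION dbo.ufn_PasswordPolicyFailure
(
    @Password  nvarchar(128),
    @MinLength int,
    @MaxLength int
)
RETURNS varchar(40)
AS
BEGIN
    IF @Password IS NULL
        RETURN 'password is NULL';

    -- Deny list from the post. LOWER() keeps the match case-insensitive
    -- even when the database collation is case-sensitive.
    IF LOWER(@Password) IN (N'rolex', N'guest', N'admin', N'sysadmin')
        RETURN 'commonly used password';

    -- DATALENGTH counts trailing spaces, which LEN() ignores.
    DECLARE @Chars int = DATALENGTH(@Password) / 2;
    IF @Chars < @MinLength RETURN 'shorter than minimum length';
    IF @Chars > @MaxLength RETURN 'longer than maximum length';

    -- A binary collation makes the LIKE ranges case-sensitive; under a
    -- case-insensitive collation [A-Z] would also match lower-case letters.
    IF @Password COLLATE Latin1_General_BIN2 NOT LIKE N'%[A-Z]%'
        RETURN 'no upper-case letter';
    IF @Password COLLATE Latin1_General_BIN2 NOT LIKE N'%[a-z]%'
        RETURN 'no lower-case letter';
    IF @Password COLLATE Latin1_General_BIN2 NOT LIKE N'%[0-9]%'
        RETURN 'no digit';
    -- "Special" here means anything other than an ASCII letter or digit.
    IF @Password COLLATE Latin1_General_BIN2 NOT LIKE N'%[^a-zA-Z0-9]%'
        RETURN 'no special character';

    RETURN NULL;
END;
GO

-- Constructed sample passwords, checked against a 10 to 64 character policy.
SELECT pw, dbo.ufn_PasswordPolicyFailure(pw, 10, 64) AS failure
FROM (VALUES (N'Rolex'), (N'alllowercase1!'),
             (N'NoDigitsHere!'), (N'Tr1cky{Pass}9')) AS t(pw);
```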
Posted Monday, November 17, 2008 8:24 AM


SSChasing Mays

Jeff Moden (11/13/2008)
Pretty nice, Gaby... your article and some of the comments above gave me a couple of ideas for an article with just a pot-wad of tricks in it... Ok if I reference your article?


Hey Jeff, sorry about the delayed response. Please feel free to use this.


Gaby
________________________________________________________________
"In theory, theory and practice are the same. In practice, they are not."
- Albert Einstein
Post #603700