
Passwords, Two-Factor Authentication, and Security Questions

This guide takes a more detailed look at passwords, password managers, and two-factor authentication.

Generating Good Passwords Randomly

It is not too hard to generate random, strong passwords.

Using even relatively simple programs and basic programming elements such as random number generators and string manipulation, you can create dozens or hundreds of random passwords within minutes. A Python 3.x script is attached to this box as a file if you would like to see a basic version (note: it is fairly basic, but you have permission to tweak it however you wish).

You do not even need to know programming to create a random password. Grab six-sided dice from a board game or role-playing game (or use an online dice roller like Google's) and use the following graphic (it's also attached as a pdf to the bottom of this box):


To use that to make passwords, repeat the steps 10-20 times per password, and then make as many passwords as you like. For instance, going through the steps 10 times using an online dice roller can give results like: IghwMPxy90#. If you need to "guarantee" a few extra uppercase letters or symbols, you can always roll until you get a few extra of those or just have your "shift die" be treated as "on" for a few selections.

There are many other ways to do this. You can draw Scrabble tiles, roll a Scattergories die, or use any such game that generates random letters/numbers (note that these have different frequencies of letters showing up, and some such methods will not use all the letters).

You could use a 52-card deck of playing cards to generate the 26 lower case and 26 uppercase letters. See "Cards2Alpha.txt" below to see the simplest method with some possible tweaks. There are also sets of flashcards that have letters/numbers/symbols that could be used.

There are also methods to generate random passwords using five six-sided dice and whole words. Like above, you roll your dice and then compare their values to a list/table. In this case, you use a list of words that are "looked up" by reading the individual dice values. For instance, if you roll a 6, 3, 1, 1, and 6, the word would be "tuition". You can repeat this 3-5 times to generate password phrases like "tuition daintily feminism parameter".
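The five-dice word lookup described above, as an added example that is not one of the files attached to this guide. The word list here is a constructed placeholder (only the "63116" to "tuition" mapping comes from the text), and the function names are assumptions; supply a real 7776-word list for actual use.

```python
import itertools
import math
import secrets

DICE_PER_WORD = 5                  # five six-sided dice per word, as in the text
LIST_SIZE = 6 ** DICE_PER_WORD     # 7776 possible roll sequences

def roll_dice(n=DICE_PER_WORD):
    """Simulate n fair six-sided dice using the operating system's CSPRNG."""
    return [secrets.randbelow(6) + 1 for _ in range(n)]

def rolls_to_key(rolls):
    """Turn rolls such as [6, 3, 1, 1, 6] into the lookup key '63116'."""
    if len(rolls) != DICE_PER_WORD or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five values between 1 and 6")
    return "".join(str(r) for r in rolls)

def build_placeholder_list():
    """Constructed stand-in word list with one entry per key, 11111 to 66666."""
    words = {}
    for combo in itertools.product(range(1, 7), repeat=DICE_PER_WORD):
        key = rolls_to_key(combo)
        words[key] = "word" + key
    words["63116"] = "tuition"     # the one mapping quoted in the text
    return words

def make_passphrase(wordlist, n_words=4, roller=roll_dice):
    """Roll once per word and join the looked-up words with spaces."""
    return " ".join(wordlist[rolls_to_key(roller())] for _ in range(n_words))

def entropy_bits(n_words):
    """Bits of entropy when every word is an independent, uniform pick."""
    return n_words * math.log2(LIST_SIZE)

if __name__ == "__main__":
    wordlist = build_placeholder_list()
    print(make_passphrase(wordlist))
    for n in (3, 4, 5):
        print(n, "words:", round(entropy_bits(n), 1), "bits")
```

The entropy figure only holds when every word comes from a fresh roll; rerolling until the phrase "looks nice" lowers it.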

You could also take a book from your shelf, flip through the pages, choose one at random, point at a random word on that page, and then repeat until you have enough random words. Stick to words at least 5 letters long and switch up the books regularly. To add in numbers, do the same but use the page number instead. For symbols and mixed-case characters, potentially repeat until you get words that are capitalized and/or have punctuation attached.

You can combine these elements to make a short phrase of 2-5 words and then add in 1-5 random characters (in between the words, at the end, scattered) and then change up the case of some of the letters. You might get something like: "Lumber Nurture Operation 10!". This sort of password is not impossible to remember, has a lot of randomness, and can be generated in under a minute once you get good at the techniques. It might be hard to remember dozens and dozens of these passwords, but having 10-20 of your main passwords made in this way is doable.

There are also websites that will help you generate passwords:

However, caution must be applied unless you definitely trust the website because it is possible that various methods could be used to track generated passwords.

Many password managers also include methods to generate random passwords for you and to then store those.

You can also combine/rearrange random methods with non-random (standard) passwords. 

A More Complicated Password Generating Python Program

Included here is a Python 3.x program to generate passwords in a slightly more complicated way than the above example. It has numerous comments and explanations if you wish to look at it (it is attached as a py file and as a txt file). A sample output is also included.

Things this program updates/improves over the simpler program:

  • It divides the alphabet into types [lowercase, uppercase, symbols, etc] which allows for more fine-tuning. 
  • It has built-in controls to make sure every character is unique.
  • It requires (by "default") one of each type to be in the set and rejects passwords that do not have one of each alphabet type.
  • It includes the option for an esoteric alphabet [meaning extended unicode characters], though this might cause issues with many passwords on many sites. 
  • It allows you to define what combination of "sub alphabets" to have so you can increase or decrease the frequency of uppercase characters, numbers, symbols, and so forth. 
  • It outputs to a file (by "default", passwords.txt) but can be changed to output to the command line or to be piped into another program.
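The sketch below is an added example, not the attached program. It shows one way to implement the typed sub-alphabets, the unique-character control, the one-of-each-type rejection, and the frequency weighting from the list above, drawing from Python's secrets module rather than random. The symbol set, function names, and defaults are assumptions.

```python
import secrets
import string

# Sub-alphabets by type; the symbol set is an assumption, adjust per site rules.
ALPHABETS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!#$%&*+-=?@^_",
}

def build_pool(weights):
    """Repeat each sub-alphabet `weight` times to raise its pick frequency."""
    pool = []
    for name, weight in weights.items():
        pool.extend(list(ALPHABETS[name]) * weight)
    return pool

def has_each_type(password, types):
    """True when the password holds at least one character of every type."""
    return all(any(c in ALPHABETS[t] for c in password) for t in types)

def generate(length=16, weights=None, unique=True, max_tries=10_000):
    weights = weights or {name: 1 for name in ALPHABETS}
    types = [name for name, weight in weights.items() if weight > 0]
    pool = build_pool(weights)
    if length < len(types):
        raise ValueError("length too short to hold one of each type")
    if unique and length > len(set(pool)):
        raise ValueError("not enough distinct characters for a unique password")
    for _ in range(max_tries):
        chars = []
        while len(chars) < length:
            c = secrets.choice(pool)
            if unique and c in chars:
                continue            # redraw instead of repeating a character
            chars.append(c)
        candidate = "".join(chars)
        if has_each_type(candidate, types):   # reject and retry otherwise
            return candidate
    raise RuntimeError("no acceptable password found; relax the constraints")

if __name__ == "__main__":
    print(generate())                                  # all four types, equal weight
    print(generate(20, {"lower": 3, "upper": 1, "digit": 1, "symbol": 1}))
```

Requiring unique characters and one of each type removes some otherwise valid passwords from the pool of possibilities; at 16 characters the reduction is small.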

It is not a super-sophisticated program and is presented here largely as a way to show some considerations. Like the above, it is CC0 (public domain), so feel free to use it in your own projects or to play with it.

Further instructions on using it are included in the file itself, which you can edit to change the output and some features (including min and max length of the passwords, characters used, frequency of characters used, and so forth).