(Yet an other) Javascript random password generator


Here is YARPG (Yet Another Random Password Generator). Why on earth would I do yet an other random password generator? Because I can :). Seriously: there are at least two random password generators out there that I’ve used, and I have some problems with them:

  • The one that Steve Gibson created can not be customized (I don’t always want ultra-long passwords)
  • The one at winguides.org does not by default use HTTPS (although you can convince it manually)
  • They both use a round-trip to the server and I must trust their server that it doesn’t keep logs about IP-passwords association for example. What makes it even worse in the case of the winguides.org website is the fact that they transmit all the options as GET parameters which are logged by default by the webservers (as opposed to POST parameters which are by default not logged). This means that they must make an extra effort to disable logging (at least for this part of their site), which I’m not sure they did.

My javascript offers 100% client-side generation and you can view its source code to make sure that it does what it claims it does. There is no need for HTTPS / SSL because no connection is made / no data is transmitted to the server.

Be safe and remember: password length beats password complexity most of the time.

Update: the script has been update so that it is more unobtrusive. Also I’ve published the source code for those who don’t want to search through a whole page in a copy paste ready format.

This password generator requires a javascript capable browser.

Update: you can now download the source as a zip file.

Update: Fixed the problem that not all generated passwords contained at least one character from each selected set. See the post announcing the update for details. Also, the new download location is my SVN repo: js_password_generator.html.


8 responses to “(Yet an other) Javascript random password generator”

  1. Please give a more detailed description of the problem. One thing I can think of of the top of my head is that blogger complains when the script tag is present in the text, but you just have to check the “don’t warn me again” checkbox and submit it again. Other than that, make sure that you omit the html, head and body tags from the source (as you are embedding it in a webpage, not writing a complete webpage). Finally, in the worst case, just view the source of this post and copy it verbatim from where it says “Begin Random JavaScript Password Generetor from…” to “End Random JavaScript Password Generetor…”.

    Hope this helps

  2. There's a bug in the script. Some times you want to include numbers, special characters but it doesn't always include numbers or special characters.

    Write a function where it must random in number array when selected and then use some random order function to display it in the result. Hope it helps.

  3. If I understand correctly, you are referring to the fact that when you check multiple options, you might not get characters from every selected category. While this is infrequent, it can happen. I would recommend generating multiple passwords until I get some time to fix it.

    Thank you for bringing the problem to my attention.

  4. With the slogan "better late than never", I've updated the password generation algorithm, such that now it is guaranteed that each generated password contains at least one character from each selected character set.

Leave a Reply to John Wanye Cancel reply

Your email address will not be published. Required fields are marked *