XKPasswd – Generate Secure, Memorable Passwords

On the heels of Steve Gibson's Password Haystacks website, which demonstrated how long, memorable passwords can be far more secure than randomly generated characters simply by virtue of being longer, Bart Busschots has created a new password generation tool called XKPasswd.

The generator follows the same idea as the original one posted on the GRC website, but was written as an implementation example for Bart's Perl library, xkpasswd -- the "xk" is a reference to the xkcd comic that covered the same subject at around the same time as the Security Now episode on password haystacks.

The general theory behind haystacks is that you take an easy-to-remember password like monkey (or m0nk3y) and bury it in an easy-to-remember but very long "haystack" of other characters. The sheer length of the result makes it orders of magnitude harder to guess than the original password.

Example: !@#$1234-Monkey-1234!@#$ and just like that you have created a 24-character password with upper case, lower case, numbers and symbols which (if you look at it for a minute) is going to be really easy to remember, especially if you recycle the "haystack" portion and pair it with other simple words to create a multitude of never-have-to-write-em-down passwords.

So what about xkpasswd? The idea is this: the tool generates a list of easy-to-remember words and buries them in a haystack of simple padding characters. Bart has also added a number of presets for things like an Apple ID, a WPA2 Wi-Fi key and web sites (short and long), in case you do not want to tweak the raft of available options.
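To make that structure concrete, here is an added example (my own code, not Bart's xkpasswd library) that builds a password in the same shape the tool produces, padding symbols and digits around separated words, and estimates its strength both against an attacker who sees only a string of characters and against one who knows the structure and the dictionary. The eight-word dictionary and the symbol set are constructed for illustration; the real library ships a far larger word list.

```python
import math
import secrets

# Constructed sample dictionary; the real xkpasswd library ships a far larger word list.
WORDS = ["monkey", "castle", "river", "orange", "planet", "silver", "candle", "forest"]
SYMBOLS = "!@#$%^&*-_=+:;.?"  # separator and padding characters are drawn from here


def generate(num_words=3, pad_digits=2, pad_symbols=2, words=WORDS, rng=None):
    """Return a haystack-style password laid out as
    <padding symbols><digits><sep>WORD<sep>word<sep>WORD<sep><digits><padding symbols>.
    Word case alternates so the result has both upper and lower case letters.
    rng is any object with choice()/randrange(); defaults to the OS CSPRNG."""
    if rng is None:
        rng = secrets.SystemRandom()
    chosen = [rng.choice(words) for _ in range(num_words)]
    cased = [w.upper() if i % 2 == 0 else w.lower() for i, w in enumerate(chosen)]
    sep = rng.choice(SYMBOLS)
    pad = rng.choice(SYMBOLS) * pad_symbols
    front = "".join(str(rng.randrange(10)) for _ in range(pad_digits))
    back = "".join(str(rng.randrange(10)) for _ in range(pad_digits))
    return f"{pad}{front}{sep}{sep.join(cased)}{sep}{back}{pad}"


def seen_entropy_bits(num_words, dictionary_size, pad_digits, symbol_count=len(SYMBOLS)):
    """Entropy against an attacker who knows the layout and the dictionary: only the
    word choices, the digits, the separator and the padding symbol are unknown.
    Padding reused across many passwords should be treated as known and dropped."""
    return (num_words * math.log2(dictionary_size)
            + 2 * pad_digits * math.log2(10)
            + 2 * math.log2(symbol_count))  # one separator choice, one padding choice


def blind_entropy_bits(password, alphabet_size=26 + 26 + 10 + len(SYMBOLS)):
    """Entropy against an attacker who sees only a string over the full alphabet:
    the 'haystack' view, where every character position counts."""
    return len(password) * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate()
    print(pw)
    print(f"blind: {blind_entropy_bits(pw):.1f} bits, "
          f"seen: {seen_entropy_bits(3, len(WORDS), 2):.1f} bits")
```

The gap between the two figures is the point of the haystack argument: the blind estimate is what a brute-force attacker faces, while the seen estimate is the honest floor once the dictionary and layout are public.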

It is a great little tool for generating passwords, adding some intelligence that you do not get from typical random password generators like the ones built into LastPass, 1Password or SuperGenPass. I highly recommend checking out xkpasswd if you are looking to augment your password arsenal. If you are a developer, the library is available from Bart's website should you want to include this functionality in an application of your own.