This is a short post in which I show the options I am using when generating random passwords with the Password Generator that ships with the password safe KeePass. The character set should be as big as possible while not containing letters that could confuse the end-user. Of course, all upper- & lower-case alphabetic characters as well as the digits are included. For all other symbols, I chose those which are inside the ASCII table as well as writeable with the keyboard layouts for US and German keyboards.
These are mostly the characters that need no “Alt Gr” keystroke in order to type them. Furthermore, I do not use the question mark (?) as well as the at sign (@) because the question mark could confuse the users and the at sign is used as a delimiter symbol in many computer systems. The § sign is not listed because it is not in the standard US keyboard layout (while it is in the German). I am also using the “exclude look-alike characters” option in the Password Generator since it is much easier for users to read their passwords while from a security perspective this only decreases the security a little bit. Concerning the length of the password: It is quite common to use at least 8 characters in length, while the security is increased if longer passwords are used. I am using at least 10 chars, while 12 are still better ;)
To use the Password Generator inside KeePass, go to Tools -> Generate Password and use the following settings:
- Upper-case (A, B, C, …)
- Lower-case (a, b, c, …)
- Digits (0, 1, 2, …)
- Also include the following characters:
- [Advanced Tab]: Exclude look-alike characters (lI|1, O0)
Here are the screenshots of the settings:
–> That is, we have a character set from 26+26+10+21 = 83 – 8 (look-alike chars) = 75 chars for the passwords and can now generate them. A simple click on “Preview” is appropriate if you want to copy passwords into another application. Otherwise click OK to create a new password entry in KeePass.
[optional] Pattern for IPv6 Interface-IDs:
Another alternative inside the Password Generator is the “using pattern” option. For example, this can be used for the creation of Interface-IDs for IPv6 addresses with the following pattern:
This creates something like f1eb:0b0b:4901:5f4f and can be used for a random IIDs if the admin feels better to have its static addresses to be random. (Of course, this is only “useful” if no easy-to-remember DNS names are used.)