When storing private information on your computer or external hard drives or when signing up on website for a service containing sensitive information, such as banking, it is important to create strong, secure passwords to protect your information.

Gibson Research Corporation (GRC) – Perfect Passwords

The first method we recommend is to visit the Gibson Research Corporation (GRC) website. The owner of GRC, Steve Gibson, is an expert in privacy, security, and data recovery. He also does a very informative podcast about computer and internet security called Security Now! with TechTV’s Leo Laporte, https://www.grc.com/securitynow.htm.

To access GRC’s webpage for creating ultra secure passwords generated just for you, go to http://www.grc.com, move your mouse over Services on the menu bar and select Perfect Passwords. You will notice, by the “https,” that you are on a secure connection now.

GRC website

The Perfect Passwords page displays. You will notice, by the “https” in the address bar, that you are on a secure connection now.

Perfect Passwords page

Every time the Perfect Password page is displayed, a unique set of custom, high quality, cryptographic-strength password strings is generated that you can copy all or part of and use for protecting your information. There are three different password generated containing different types of characters. Here’s what Steve Gibson says about the generation of the passwords:

What makes these perfect and safe? Every one is completely random (maximum entropy) without any pattern, and the cryptographically-strong pseudo random number generator we use guarantees that no similar strings will ever be produced again.

Also, because this page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection, and it is marked as having expired back in 1999, this page which was custom generated just now for you will not be cached or visible to anyone else.

Therefore, these password strings are just for you.

No one else can ever see them or get them. You may safely take these strings as they are, or use chunks from several to build your own if you prefer, or do whatever you want with them. Each set displayed are totally, uniquely yours — forever.”

03_three_different_types_of_passwords

If you click your web browser’s Refresh button, you will notice that you get a whole new set of unique, strong passwords. We recommend using GRC’s Perfect Passwords page for generating secure passwords. However, if you don’t have access to the web and you need to generate a password, the following section discusses a good offline password generator.

SoftFuse Password Generator Free

If you need to generate a strong password offline, SoftFuse Password Generator Free is an easy-to-use password generator.

Download SoftFuse Password Generator Free from

http://www.password-generator.com/free.html.

There are two versions of the program. You can download the program as an executable, installable file, or as a .zip file that does not require installation. The .zip file can be handy if you need to generate passwords often and in several different places. It can be put on a USB flash drive and run from there.

When you run the program the following dialog box displays. Specify the length of your password in the Length edit box. In the Character Set section, select the types of characters you want included in your password. Click Generate to create your password.

SoftFuse Password Generator Free main window

A password is generated and displayed in the Password box. To copy the password, click the Copy To Clipboard button to the right of the Password box.

Password generated

For times when you are in a public place, you can choose to hide the password that displays in the Password box. To do so, select Hide Passwords from the Options menu.

Hide Passwords Option

When you generate a password with the Hide Passwords option on, it displays in the Password box as asterisks. You can still use the Copy To Clipboard button to copy it.

Hidden password

To change settings for SoftFuse Password Generator Free, click the Preferences button on the toolbar.

Preferences button

The Preferences dialog box displays with the General screen active. Choose a Language and specify how often to Check for Updates, Every day, Every week, or Every month. If you move the program’s window and want to preserve the position, select the Save Window’s Position on Exit check box.

General screen on the Preferences dialog box

The Passwords screen allows you to exclude characters that are similar, such as the letter “l” and the number “1.” It may be difficult to make out which character you chose when you created the password if you use characters that look too similar.

Use the Prefix and/or Suffix edit boxes to automatically add the same prefix and/or a suffix to each password you generate.

Passwords screen on the Preferences dialog box

The Character Set screen allows you to specify what characters are included in the groups listed on the main SoftFuse Password Generator Free dialog box. These sets of characters can also be edited directly from the main dialog box, as we will discuss later in this post.

Character Set screen on the Preferences dialog box

SoftFuse Password Generator Free allows you to generate passwords by mask using a flexible, easy-to-use mask syntax. This is a powerful feature for creating passwords of various semantic types for various purposes.

You can choose to use a predefined format, such as a password containing 10 lowercase letters or one with a dash and three digits. See the Generating by Mask topic in the help that comes with the software for the mask syntax and some examples of masks.

Enter your desired mask in the Mask edit box using the syntax listed in the help file.

Mask screen on the Preferences dialog box

The Privacy screen allows you to clear the clipboard when you exit SoftFuse Password Generator Free. This is an added level of protection, especially if you use a computer that other people also use.

Click OK to close the Preferences dialog box.

Privacy screen on the Preferences dialog box

The gear buttons to the right of each of the character sets listed on the main dialog box, allow you to add to or delete from the corresponding character set. These gear buttons perform the same function as the Character Set screen on the Preferences dialog box mentioned earlier in this post.

A button for editing the corresponding character set

The Edit Character Set dialog box displays, containing the current set of characters for that character set. Edit the set as desired and click OK.

Edit Character Set dialog box

You can save your password to a text file, if desired. To do so, click the Save button and use the resulting dialog box to select a location and specify a name for the file.

NOTE: Saving your password to a text file is very insecure as it is in plain text. If you need to store passwords, KeePass is a good option that is also portable, so you can keep it on a USB flash drive. We mentioned it on Online Tech Tips in the post, KeePass Password Safe Takes Trouble Out of Password Management.

You can download the latest version of KeePass at http://keepass.info/download.html. Steve Gibson, of GRC, and Leo Laporte, of TechTV, discussed a very secure option for storing passwords online, called LastPass, in their Security Now! podcast episode #256 on July 8, 2010. You can download the podcast in various formats, including a transcript in text and PDF formats, at http://www.grc.com/securitynow.htm.

Save button

You can also save your password into an HTML file using the Export option on the File menu. Again, this is not secure.

17_export_option

Strong, secure generated passwords are not easy to remember, and you will most likely need to store them somewhere. Look into LastPass, KeePass, or any other password storage software that uses strong encryption algorithms, such as AES and Twofish.

by Lori Kaufman