PasswordCreator.org was created by Stephen Ostermiller. He found that many other tools to generate random passwords were:
- Hard to use
- Generated poor quality passwords
- Generated passwords that were hard to remember
- Were insecure
Ease of Use
PasswordCreator.org is designed to be easy to use. A list of possible passwords is presented when you visit. You don't need to do anything other than choose one. The only controls are a drop down for choosing password strength and a button for generating new passwords. Other sites are harder to use:
- Don't generate a password up front, you have to press a button
- Generate only one password at a time rather than several to choose from
- Make you fill in forms specifying extraneous options such as where in the password you want a symbol to appear
High Quality Passwords
PasswordCreator.org shows only passwords that are very random. It provides information about just how many possible passwords it can generate and how secure passwords of various lengths are against brute force attack. Other password creators use less secure algorithms such as:
- Modifying a common word by replacing letters with numbers, symobols, or capitals
- Putting just a few syllables together for a pronounceable password
- Generating passwords that are too short
Memorable Passwords
PasswordCreator.org can create passwords and pass phrasses based on dictionary words that are much easier to remember than passwords with only random numbers, letters, and symbols. Many password creation tools only generate random character passwords.
Security
PasswordCreator.org uses these security measures to ensure that passwords are securely generated:
- Uses the HTTPS (SSL or TLS) protocol for the site to ensure that it is modified in transit or otherwise tampered with.
- Generates passwords only client side using JavaScript software. The server never generates (nor even sees) the passwords.
- Uses the cryptographically secure random number generator available in modern browsers. An insecure random number generator is seeded with the current date and time. With it, passwords could be guessed if it is known when they were generated.
- Does not use third party resources in the page that could be used by third parties to read generated passwords. No third party analytics, advertising, images, scripts, or styles are used.
About Stephen Ostermiller
Stephen is computer programmer with a degree in Computer Science from Cornell University. You can find his other projects here: