NicePassword creates easy-to-remember but still somewhat secure passwords by mixing common words from a “safe” dictionary with random numbers. The password is easier to read and to remember than purely random strings of letters and numbers, making it “nicer” on users. NicePassword is ideal whenever you need Rails to auto-generate a password for a user–such as after the user clicks a “send me a new password” link or as a “suggested password” on a password edit page.
Examples of NicePasswords:
campaign34bone parent492wheat orbit8low5mix
The dictionary contains a list of words which are reasonably safe for use in a corporate environment. For example, besides omitting obscene and slang words, words such as ‘kill’ and ‘hate’ are excluded.
To generate a password just call NicePassword.new.
> NicePassword.new # => basic34lesser
Options that can be passed when creating a new NicePassword include:
-
:length - total number of characters, default is 12
-
:words - total number of words, between 1-4, default is 2
-
:digits - number of digits between each word (not the total number), default is 2
-
:language - abbreviation for language to use for the words, default is ‘en’ (English)
-
:dictionary - a custom dictionary (as an array) to use instead of the default dictionaries
> NicePassword.new(:language => ‘fr’, :length => 16, :words => 3, :digits => 3) # => été826gris641rue
The included dictionaries are:
-
English: ‘en’
-
French: ‘fr’
-
Spanish: ‘es’
English is the default language. You can set a different default language using:
NicePassword.default_language = 'fr'
Or you can choose a language on a case-by-case basis by passing in the language abbreviation as the value to the :language option (see Usage above).
If you want to use your own dictionary (either with custom words or for another language), you just pass in an array of words as the value to the :dictionary option. You will want to make sure that your dictionary has several words of each length and includes single letters.
NicePassword passwords are not as secure as a random string would be–that is obvious. However, they are much more secure than the passwords most users pick on their own.
Random strings are hard to remember, easy to mistype and increase the likelihood that a user will switch to a very weak password at the first opportunity. Because NicePasswords are much easy to remember, a user is more likely to keep them. If they still opt to switch to a stronger or weaker password, then you are no worse off, but provided a better user experience.
The inclusion of digits between the dictionary words is intended to make a brute force dictionary attack much harder. Increasing the number of digits between words, or the number of words with digits between them, will increase the security strength of the password.
Authors: Kevin Skoglund & Matthew Bergman, Nova Fabrica, Inc.
License: Copyright 2010 by Kevin Skoglund. released under the attached MIT-LICENSE.
GitHub: github.com/novafabrica/nice_password/tree/master
Bug reports should be submitted at github.com/novafabrica/nice_password/issues
Other feedback is welcomed at info@novafabrica.com
This software is provided “as is” and without any express or implied warranties, including, without limitation, the implied warranties of merchantability and fitness for a particular purpose.