.NET 1.1+

Generating Random Pronounceable Passwords

by Richard Carr, published at http://www.blackwasp.co.uk/PronounceablePasswords.aspx

The use of passwords as a security measure is increasingly common for technical and non-technical users alike. Generating passwords that are both strong and memorable can be difficult. This article describes one method to alleviate this problem.

Testing the Password Generator

You can now try out the PasswordGenerator class by creating some passwords. The following code generates ten passwords, each with six elements. A sample output is displayed in the comment.

PasswordGenerator generator = new PasswordGenerator();
for (int i = 0; i < 10; i++)
{
    string password = generator.Generate(6);
    Console.WriteLine(password.ToLower());
}

/* OUTPUT

egorhad
mnairoxee
iakizaur
chiosceyio
psiaphustio
aghoamnausk
eeffiothooj
xithuxio
oxicliof
rarhautoo

*/

Improvements

The passwords generated by the above class are not considered to be strong, as they do not contain upper and lower case letters, numeric digits or symbols. Although they would be harder to crack than a password containing an English word, they are relatively easy to break using a brute force attack. To improve the algorithm it would be worthwhile to mix the case of the elements as they are selected and to add numbers and symbols. To ensure that the results remained pronounceable, the symbols should be added at the start or end of the password. Numbers could be added in the same manner or could be substituted for letters that have a similar appearance by including digits in the two element arrays.