Password Generator & Analyzer
Table of Contents
The Phoenix-based Password Generator & Analyzer is a simple password generator and password strength analysis tool.
Visit Password GeneratorWhy? #
Building a password generator tool seemed like a good way for me to learn Elixir. It started with a simple tool, genevievecurry/elixir-password-generator, which can be run in an iex session.
After that, the next logical step was to extend it using Phoenix LiveView to build a simple 1-page website. Although Phoenix is far more powerful than is necessary for this task, it was a good introduction to the framework.
Building it #
The password generator uses the 1Password Strong Password Generator as inspiration for generating passwords, with a few modifications. The “memorable” passwords that my tool generates uses words from a list of about ~5000 English words that are between 5-8 characters.
The analysis uses The Password Meter as inspiration for the “common attributes” factors used to score passwords, with a few modifications. A strength rating of 100% is given to passwords that score 150 or higher. These are based loosely around the minimum requirements that many applications set for user accounts.
For “brute-force attack resistance”, zxcvbn is used to test password strength against brute force attacks. I used an elixir port of this library for this project. Dan Wheeler’s essay on how to test for a strong password is an interesting read. He notes that the following are also important factors in password security:
- Preventing online cracking with throttling or CAPTCHAs.
- Preventing offline cracking by selecting a suitably slow hash function with user-unique salts.
- Securing said password hashes.
Screenshots #
