Most passwords are easy to guess

If you read the news, you know that from time to time hackers steal databases containing the passwords of users of various web services. Most often, PR people explain that users don’t have to worry, as the stolen passwords are “encrypted” (or hashed) and thus useless to the hackers. But is that really true? Of course not…

A few days ago, the renowned tech site Ars Technica posted a series of articles detailing how such passwords could be cracked. It even asked three hackers to try their hand at a recently leaked database. You can read this article for the details: Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”.

Long story short, if your password is not random, you have a good chance of getting screwed! Even if you think yours is obscure, chances are that it follows some kind of pattern that makes it easier to remember. Hackers know most of these patterns, as they help drastically reduce the time needed to guess passwords.

YAPG

In reaction, I decided to write, just for fun, a password generator: Yet Another Password Generator. It’s quite humble, but it can be useful to generate a truly random password. It will prove useful if you fear following one of the patterns described in Ars’ article.

Furthermore, being quite simple, it can be a good example for anyone wanting to start programming using Qt. The resulting application runs on Windows, Mac and Ubuntu machines.
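
What “truly random” requires in practice, shown as an added example in plain C++ (this is not YAPG’s source code): every character is drawn from the operating system’s CSPRNG and picked uniformly, so the password follows no pattern. The alphabet, the function names and the use of /dev/urandom (a Unix-like system) are assumptions made for this example.

```cpp
// Added example, not YAPG's code: uniform random password from the OS CSPRNG.
#include <cmath>
#include <cstddef>
#include <fstream>
#include <iostream>
#include <stdexcept>
#include <string>

// Constructed alphabet for the example: 62 distinct characters.
const std::string ALPHABET =
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";

// One byte from the kernel CSPRNG (assumption: /dev/urandom is available).
static unsigned char random_byte() {
    static std::ifstream urandom("/dev/urandom", std::ios::in | std::ios::binary);
    char c;
    if (!urandom.get(c)) throw std::runtime_error("cannot read /dev/urandom");
    return static_cast<unsigned char>(c);
}

// Uniform index in [0, n) for 1 <= n <= 256, by rejection sampling.
// A plain `byte % n` favours low indices whenever 256 is not a multiple of n.
static std::size_t uniform_index(std::size_t n) {
    if (n == 0 || n > 256) throw std::invalid_argument("alphabet size must be 1..256");
    const std::size_t limit = 256 - (256 % n);  // largest multiple of n <= 256
    std::size_t b;
    do { b = random_byte(); } while (b >= limit);  // discard the biased tail
    return b % n;
}

std::string generate_password(std::size_t length, const std::string& alphabet) {
    std::string out;
    for (std::size_t i = 0; i < length; ++i)
        out.push_back(alphabet[uniform_index(alphabet.size())]);
    return out;
}

// Guessing entropy in bits; valid only for uniform picks from distinct characters.
double entropy_bits(std::size_t length, std::size_t alphabet_size) {
    return length * std::log2(static_cast<double>(alphabet_size));
}

int main() {
    const std::string pw = generate_password(16, ALPHABET);
    std::cout << pw << "  (" << entropy_bits(pw.size(), ALPHABET.size()) << " bits)\n";
    return 0;
}
```

The entropy figure only holds because each character is independent and uniform; a human-chosen password of the same length and character set has far less, which is what the pattern-based guessing in the Ars article exploits.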

Installation instructions

Ubuntu

sudo add-apt-repository ppa:xtof/yapg  
sudo apt-get update  
sudo apt-get install yapg  

Windows

Macs

(This binary is not signed, so you’ll have to “Allow apps downloaded from: Anywhere”)

Build from source

YAPG source code is hosted on Launchpad:

bzr branch lp:~xtof/yapg/main