Recently, one of my projects required a functionality where upon registering a new user in the system a password for the user had to be generated automatically. The requirement also dictated that the password generation process should support things like:
- The minimum password length should be configurable.
- The maximum password length should be configurable.
- Number of uppercase/lowercase letters appearing should be configurable.
- Password should contain at least x number of digits and or symbols.
- Password should be all uppercase or all lowercase or both.
The script takes the following four input parameters:
Pattern - This basically defines the password character composition. (Default is
MinLength - The minimum password length. (Default is 8 characters.)
MaxLength - The maximum password length. (Default is 15 characters.)
AllowDuplicate - Determines, if a character already used can appear subsequently. (Default is
All these parameters are optional. If no values are passed, the script uses the default values. In case of the maximum password length being greater than the pattern string length, the script automatically generates a new pattern string. Actually, this behavior can be altered such that it generates
(maxlength - pattern.length) pattern characters only.
The heart of this little script is the pattern string. This string basically contains the following:
- L - Denotes that a lower case English alphabet is desired at this position.
- U - Denotes that an upper case English alphabet is desired at this position.
- 9 - Denotes that a digit between 0-9 is required at this position.
- S - Denotes that a symbol character is desired at this position.
If the pattern string is not specified the script auto generates one. For this, I have used the
genPattern function basically generates a random number between 1-4 and decides which pattern character to use based on it. This is repeated till the maximum password length is reached:
var strRet = "";
var iCntr = 0;
var rndNo = 0;
for (iCntr = 0; iCntr < pintLen; iCntr++)
rndNo = Math.floor((4 - 1 + 1) * Math.random() + 1)
strRet += "9";
strRet += "U";
strRet += "S";
strRet += "L";
The actual password is generated by calling the
getRandomChar(strCharSet, strProcessed, blnAllowDup) function for each pattern character in the pattern string till the maximum password length is reached.
Overall, this is a very simple script and compared to GeodSoft's password generator, offers limited options/flexibility. However it does satisfy the normal requirements. I checked the generated passwords with GeodSoft's Password Evaluator and found out that the password generated by this script is reasonably strong.
- 4th Oct, 2005 - First release.
- 28th Jan, 2006 - Bugs fixed. (Thanks to Mike for pointing out these bugs.)