I want to give maybe a million passwords to some users that should be like:
RandomStringUtils from Apache Commons Lang provides some methods to generate a randomized String that can be used as a password.
Here are some examples of creating 8-character passwords:
// Passwords with only alphabetic characters.
for (int i = 0; i < 8; i++) {
    System.out.println(RandomStringUtils.randomAlphabetic(8));
}
System.out.println("--------");
// Passwords with alphabetic and numeric characters.
for (int i = 0; i < 8; i++) {
    System.out.println(RandomStringUtils.randomAlphanumeric(8));
}
which creates the following result:
zXHzaLdG
oDtlFDdf
bqPbXVfq
tzQUWuxU
qBHBRKQP
uBLwSvnt
gzBcTnIm
yTUgXlCc
--------
khDzEFD2
cHz1p6yJ
3loXcBau
F6NJAQr7
PyfN079I
8tJye7bu
phfwpY6y
62q27YRt
Of course, you also have methods that restrict the set of characters allowed for the password generation:
for (int i = 0; i < 8; i++) {
    System.out.println(RandomStringUtils.random(8, "abcDEF123"));
}
will create only passwords with the characters a, b, c, D, E, F, 1, 2 or 3:
D13DD1Eb
cac1Dac2
FE1bD2DE
2ab3Fb3D
213cFEFD
3c2FEDDF
FDbFcc1E
b2cD1c11
Use SecureRandom; it provides more random passwords.
You can create a single password using something like this (note: untested code).
// requires: import java.security.SecureRandom;
// put here all characters that are allowed in the password
char[] allowedCharacters = {'a','b','c','1','2','3','4'};
SecureRandom random = new SecureRandom();
StringBuffer password = new StringBuffer();
// PASSWORD_LENGTH is the desired password length, defined elsewhere
for (int i = 0; i < PASSWORD_LENGTH; i++) {
    password.append(allowedCharacters[random.nextInt(allowedCharacters.length)]);
}
Note that this does not guarantee that every password will have both digits and characters.
Here is how you can make sure your generated password meets your password criteria. E.g., in your case, I would use this regex:
<code>String regex = "^(?=[a-zA-Z0-9ñÑ]*\\d)(?=[a-zA-Z0-9ñÑ]*[a-z])(?=[a-zA-Z0-9ñÑ]*[A-Z])[a-zA-Z0-9ñÑ]{6,}$";</code>
This regex meets the following criteria:
1.- at least 1 lowercase letter
2.- at least 1 uppercase letter
3.- at least 1 digit (number)
4.- at least 6 characters (note that adding a number greater than 6 after the comma at the end of the regex will make it require at least 6 characters and a maximum of whatever you put in there)
<code>// 'char' is a reserved word in Java, so the array is named chars
char[] chars = {'a','b','c','d','e','f','g','h' /* ... */};
SecureRandom random = new SecureRandom();
StringBuffer password = new StringBuffer();
while (!password.toString().matches(regex)) {
    password.setLength(0); // discard the rejected candidate before drawing a new one
    for (int i = 0; i < 8; i++) {
        password.append(chars[random.nextInt(chars.length)]);
    }
}
System.out.println(password.toString());</code>
What this code does is that while your generated password doesn't meet your criteria, it will loop the for loop over and over.
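A complete version of the regenerate-until-valid approach, as an added example that is not part of the original answers: each round draws a whole new 8-character candidate from SecureRandom and accepts it only if it matches the policy regex, so every compliant password stays equally likely. The class name, the 62-character alphabet and the batch loop are assumptions.

```java
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;

public class PolicyPasswordGenerator {
    // Assumed alphabet: ASCII letters and digits (the regex above would also admit ñ/Ñ).
    private static final char[] ALPHABET =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789".toCharArray();
    // Same policy as the regex above: a digit, a lowercase and an uppercase letter, length >= 6.
    private static final Pattern POLICY = Pattern.compile(
        "^(?=[a-zA-Z0-9ñÑ]*\\d)(?=[a-zA-Z0-9ñÑ]*[a-z])(?=[a-zA-Z0-9ñÑ]*[A-Z])[a-zA-Z0-9ñÑ]{6,}$");
    // One shared SecureRandom; nextInt(bound) is free of modulo bias.
    private static final SecureRandom RANDOM = new SecureRandom();

    static String generate(int length) {
        if (length < 6) {
            throw new IllegalArgumentException("policy requires at least 6 characters");
        }
        char[] candidate = new char[length];
        while (true) {
            // Draw a complete fresh candidate each round. Appending to a rejected
            // one would make the password longer than requested.
            for (int i = 0; i < length; i++) {
                candidate[i] = ALPHABET[RANDOM.nextInt(ALPHABET.length)];
            }
            String password = new String(candidate);
            // At length 8 with this alphabet roughly three in four candidates pass.
            if (POLICY.matcher(password).matches()) {
                return password;
            }
        }
    }

    public static void main(String[] args) {
        int count = 1_000_000; // batch size taken from the question
        Set<String> seen = new HashSet<>();
        for (int i = 0; i < count; i++) {
            String password = generate(8);
            if (!POLICY.matcher(password).matches()) {
                throw new AssertionError("policy violated: " + password);
            }
            seen.add(password);
        }
        System.out.println("generated " + count + ", distinct " + seen.size());
    }
}
```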
When using Apache's RandomStringUtils for security reasons (i.e. passwords), it's very important to combine the use of a SecureRandom source:
RandomStringUtils.random(6, 0, 0, true, true, null, new SecureRandom());
What I would do is something like this:
This is also a nice one:
String password = Integer.toString((int) (Math.random() * Integer.MAX_VALUE), 36);
It does not, however, guarantee that the password always contains both digits and letters, but most of the aforementioned suggestions also don't do that.