# Do you know, that…

The Daily Telegraph has reported that there is a security risk as people use same password on all websites. They say that:

• more than 1.7 million use the same password on more than one web site
• people use easy to remember passwords such as the birthday of a partner, their favorite car, their cat’s name
• 46% of Britons use the same password for banking as they do for their social network
• 40% of Britons admit that at least one other person knows their password

It is, therefore, no surprise that criminals are having a field day:

• 10% of people have has their accounts accessed illegally
• 18% of those people have had goods bought in their names (at an average of \$1600)

The answers are, of course, very simple:

• use a different password on each web site
• use a random set of numbers and letters for each password

However, as the Daily Telegraph article points out, most people find numerous passwords difficult to remember. And this is where the programmer can step in to say “We can help”. They can help by:

• generating random passwords for each web site that a user accesses
• providing a master password for the user

In that way the user can use individual passwords for each web site but only needs to remember one. And so the first part of such a project is to generate a random password.

### The Makeup of a Random Password

A typical password will consist of a mixture

• numbers from 0 to 9
• uppercase letters
• lowercase letters

And all of this can be used by using the random number generators built into many programming languages.

### Generating a Random Number

VBScript (or Visual Basic Script) is a programming language built into Microsoft Windows and is therefore useful in creating programming examples. It can also be used to generate a random number lying within a range of numbers:
function generate_random_number (min, max)
randomize
generate_random_number = Int((max – min + 1) * Rnd + min)
end function
It’s worth noting that no number is truly random. A random number is always generated by using a set formula and always uses another number as its seed. The randomize statement sets this seed to the system timer. The function can then be used to generate a random number between 0 and 9:
function random_number
random_number = generate_random_number (0, 9)
end function
And then this can be used to generate a sequence of random numbers:
function generate_sequence (numb_chars)
Dim n, x
for n = 1 to numb_chars
x = x & random_number
next
generate_sequence = x
end function
It’s now a simple matter of asking the user for the length of the password and providing them with a number of random sequences:
Dim n, numb_letters
Wscript.StdOut.Write “Enter number of characters: ”
for n = 1 to 10
Wscript.Echo generate_sequence (numb_letters)
next
The result of running this code can be seen in figure 1 at the bottom of this article. However, that’s only part of the solution. The password requires letters as well.

### Generating a Random Letter

ASCII stands for American Standard Code for Information Interchange and is an internationally accepted numerical code for both printed characters (such as a,1, * and #) and non-printed characters (such as tabs and carriage returns) so that:
ASCII 65-90 = A-Z
ASCII 97-122 = a-z
These can be used with the random number generator to produce random letters:
function random_uc_letter
random_uc_letter = chr(generate_random_number (65, 90))
end function
function random_lc_letter
random_lc_letter = chr(generate_random_number (97, 122))
end function
Here the chr function returns a character derived from the random number. And then the final step is to amend the generate_sequence function so that it randomly produces a number, an uppercase letter or a lowercase letter:
function generate_sequence (numb_chars)
Dim n, x, r
for n = 1 to numb_chars
r = generate_random_number (1, 3)
select case r
case 1
x = x & random_number
case 2
x = x & random_uc_letter
case 3
x = x & random_lc_letter
end select
next
generate_sequence = x
end function
The new results can be seen in figure 2, and these show that each time the generate_sequence is called the script returns a random string consisting of numbers and lowercase or uppercase letters. The programmer can then carry out the relatively simple task of saving these in a password protected database (for example) and then displaying then to the user as required.
The user then just has to remember the password to the database and not all of the different passwords for the web pages, safeguarding their accounts and reducing the chances of infiltration by any criminal elements.