Twitter as a way to generate nice passwords
We’re working on an exciting new web-based management interface at the moment which we hope is going to make the lives of web developers and designers a lot easier. I can’t say too much about it now, but I just wanted to quickly post about an interesting use I’ve found for Twitter.
As with most back-ends, our system has user accounts that need login credentials. One of the things I’ve always hated about managing users (Email, FTP, Web – doesn’t really matter) is trying to think of good strong passwords. So, I wanted to add a simple password generator to our user management system. I’ve done this many times before using word lists, random characters, etc., but this time I thought I’d be a bit more new web about it!
Twitter exposes the public feed of the last 20 twits as XML or JSON (see the Twitter API doc) which is a great source of totally random content.
The idea behind the password generator is to take this feed, find 2 random words that are long enough and then put them together. I’ve chosen to also put some digits on the end for a bit of added security but that could easily be tweaked.
Take a look:
It’s actually quite addictive to see what password it might serve up next. As yet, there has been no potty mouth, but I can see that a bad word filter could be necessary.
The suggest link is just a bit of Ajax to call the server side method.
The only slight issue with the Twitter public timeline is that it’s global, so you don’t know what languages might be contained within. To make sure I only pull back English words, I’ve just used a simple reg-ex on the XML feed which looks like:
preg_match_all('/ ([\\w]{5,15}) /i', $publicTwits, $words);
There’s something satisfying about getting other people to generate the passwords for me! Happy twitting!
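The generator described above, as an added example that is not the author's code: it reuses the post's pattern and `$publicTwits` name, while the function names, the constructed sample feed, the two-digit suffix and the use of `random_int()` for selection are assumptions. It also estimates the strength of a suggestion against someone who can read the same public feed, since in that case only the random selection is secret.

```php
<?php
declare(strict_types=1);

// Constructed sample standing in for the feed text ($publicTwits on the page).
$publicTwits = ' just landed in london after a really delayed flight '
             . ' making coffee before another morning meeting starts '
             . ' watching football tonight with several friends ';

/** Collect candidate words with the page's pattern, lower-cased and de-duplicated. */
function candidateWords(string $feed): array
{
    // The pattern consumes the trailing space of each match, so double every
    // space first; otherwise the second of two adjacent long words is skipped.
    $feed = str_replace(' ', '  ', $feed);
    preg_match_all('/ ([\\w]{5,15}) /i', $feed, $words);
    return array_values(array_unique(array_map('strtolower', $words[1])));
}

/** Two distinct words plus two digits, chosen with PHP's CSPRNG (PHP 7+). */
function suggestPassword(array $pool): string
{
    if (count($pool) < 2) {
        throw new RuntimeException('Need at least two candidate words');
    }
    $i = random_int(0, count($pool) - 1);
    do {
        $j = random_int(0, count($pool) - 1);
    } while ($j === $i);
    return $pool[$i] . $pool[$j] . sprintf('%02d', random_int(0, 99));
}

/** Bits of guessing work for someone who holds the same word pool. */
function entropyBits(int $poolSize): float
{
    return log($poolSize * ($poolSize - 1) * 100, 2);
}

$pool = candidateWords($publicTwits);
printf("%d candidate words, suggestion: %s\n", count($pool), suggestPassword($pool));
printf("Strength if the pool is known: %.1f bits\n", entropyBits(count($pool)));
```

The estimate depends only on the pool size, so running `entropyBits()` against the word count of a real 20-message feed shows how much the suggestion relies on the pool staying unknown.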


Comments
mark
said on 3 April 2008
Love this, although you do just end up generating new ones instead of doing any work. Does concern me though that Twitter seems to go down for days at a time…
Tom
said on 3 April 2008
My fall back on any down time would of course be my brain. I know this is a bit unreliable at times… but the possibility of them both going down at the same time is unlikely.
John Bradford
said on 3 April 2008
Why not just run the script for a few hours and build a catalogue of a few hundred passwords that you call off as people sign up for your services?
Folks can then choose a password from the ‘live’ stream or from stock when Twitter’s on the blink.
Job done.
Tom
said on 3 April 2008
Yeah, like that idea John. I might revise it when I have more time. At the moment it’s a very minimal amount of code. But, your solution is better for a number of reasons.
Keir
said on 3 April 2008
I love this! It’s great! Finally, Twitter actually DOES something!! :D
Kurt
said on 4 April 2008
Or just not bother with passwords at all and implement OpenID. Stellar.
Mark
said on 4 April 2008
@Tom, you’re tempting fate, I reckon the odds are on for them both going down together… ;)
@Kurt, OpenID is great but not mainstream yet, I’m sure we’ll follow suit soon enough though…
Tom
said on 4 April 2008
I like the Basecamp implementation of OpenID, the way it will link multiple accounts for you. As Mark says though, it’s not mainstream and I can’t think of a single one of our target audience that wouldn’t be confused by typing in a URL at the login screen. I think when we implement it, it will be as an option for those of a more geeky persuasion.
Fab1an
said on 4 April 2008
1995 called, they want their passwords back! I’d advise a passphrase, much easier to remember and just as strong if not stronger.
fuad
said on 6 April 2008
Nice Idea, how about using random password from blog?
Jon
said on 12 June 2009
public demo URL?