OKCOOL

Twitter as a way to generate nice passwords

We’re working on an exciting new web based management interface at the moment which we hope is going to make the lives of web developers and designers a lot easier. I can’t say too much about it now but I just wanted to quickly post about an interesting use I’ve found for Twitter.

As with most back-ends, our system has user accounts that need login credentials. One of the things I’ve always hated about managing users (Email, FTP, Web – doesn’t really matter) is trying to think of good strong passwords. So, I wanted to add a simple password generator to our user management system. I’ve done this many times before using word lists, random characters etc., but this time I thought I’d be a bit more “new web” about it!

Twitter exposes the public feed of the last 20 twits as XML or JSON (see the Twitter API doc) which is a great source of totally random content.

The idea behind the password generator is to take this feed, find 2 random words that are long enough and then put them together. I’ve chosen to also put some digits on the end for a bit of added security but that could easily be tweaked.

Take a look:

[Image: twitterpasswords]

It’s actually quite addictive to see what password it might serve up next. As yet, there has been no potty mouth, but I can see that a bad word filter could be necessary.

The suggest link is just a bit of Ajax to call the server side method.

The only slight issue with the Twitter public timeline is that it’s global, so you don’t know what languages might be contained within. To make sure I only pull back English words, I’ve just used a simple regex on the XML feed which looks like:

preg_match_all('/ ([\\w]{5,15}) /i', $publicTwits, $words);
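
The two-words-plus-digits scheme described above, as an added example that is not the post's own code: it shows that the strength comes from how the words are drawn, not from the feed, which anyone can read. The function names, the two-digit suffix and the sample feed text are assumptions made for illustration.

```php
<?php
// Added example, not the post's code. $publicTwits is constructed sample text
// standing in for the body of the public timeline feed.
$publicTwits = ' waiting for coffee before the morning standup starts , then writing release notes ';

function extractWords(string $feed): array
{
    // The post's pattern; note that \w also admits digits and underscores.
    preg_match_all('/ ([\\w]{5,15}) /i', $feed, $m);
    // Lower-case and de-duplicate so a repeated word is not favoured in the draw.
    return array_values(array_unique(array_map('strtolower', $m[1])));
}

function generatePassword(array $words, int $digits = 2): string
{
    $n = count($words);
    if ($n < 2) {
        throw new RuntimeException('Need at least two candidate words');
    }
    // random_int() uses the OS CSPRNG; rand() and mt_rand() are predictable.
    $i = random_int(0, $n - 1);
    do {
        $j = random_int(0, $n - 1);
    } while ($j === $i);
    $suffix = str_pad((string) random_int(0, 10 ** $digits - 1), $digits, '0', STR_PAD_LEFT);
    return $words[$i] . $words[$j] . $suffix;
}

function entropyBits(int $wordCount, int $digits = 2): float
{
    // Ordered pair of distinct words plus the digits. This is an upper bound:
    // the feed is public, so assume the word pool is known to an attacker.
    return log($wordCount * ($wordCount - 1) * 10 ** $digits, 2);
}

$words = extractWords($publicTwits);
printf("%d candidate words, at most %.1f bits\n", count($words), entropyBits(count($words)));
echo generatePassword($words), "\n";
```

The printed bit count grows only with the size of the word pool, so a single fetch of 20 short messages gives far less than a large local word list would.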

There’s something satisfying about getting other people to generate the passwords for me! Happy twitting!

  • Tom
  • 3 April 2008
  • 12 comments

Comments

mark

said on 3 April 2008

Love this, although you do just end up generating new ones instead of doing any work. Does concern me though that Twitter seems to go down for days at a time…

Tom

said on 3 April 2008

My fall back on any down time would of course be my brain. I know this is a bit unreliable at times… but the possibility of them both going down at the same time is unlikely.

John Bradford

said on 3 April 2008

Why not just run the script for a few hours and build a catalogue of a few hundred passwords that you call off as people sign up for your services?

Folks can then choose a password from the ‘live’ stream or from stock when Twitter’s on the blink.

Job done.

Tom

said on 3 April 2008

Yeah, like that idea John. I might revise it when I have more time. At the moment it’s a very minimal amount of code. But, your solution is better for a number of reasons.

Keir

said on 3 April 2008

I love this! It’s great! Finally, Twitter actually DOES something!! :D

Kurt

said on 4 April 2008

Or just not bother with passwords at all and implement OpenID. Stellar.

Mark

said on 4 April 2008

@Tom, you’re tempting fate, I reckon the odds are on for them both going down together… ;)

@Kurt, OpenID is great but not mainstream yet, I’m sure we’ll follow suit soon enough though…

Tom

said on 4 April 2008

I like the Basecamp implementation of OpenID, the way it will link multiple accounts for you. As Mark says though, it’s not mainstream and I can’t think of a single one of our target audience that wouldn’t be confused by typing in a URL at the login screen. I think when we implement it, it will be as an option for those of a more geeky persuasion.

Fab1an

said on 4 April 2008

1995 called, they want their passwords back! I’d advise a passphrase, much easier to remember and just as strong if not stronger.

jQuery AJAX username availability lookup

said on 5 April 2008

[...] you read my post on password generation using twitter you will know I’m currently working on the process of adding users to the system. A neat [...]

fuad

said on 6 April 2008

Nice Idea, how about using random password from blog?

Jon

said on 12 June 2009

public demo URL?
