Skip to content
Create a gist now

Instantly share code, notes, and snippets.

A user friendly, strong password generator PHP function.
<?PHP
// Generates a strong password of N length containing at least one lower case letter,
// one uppercase letter, one digit, and one special character. The remaining characters
// in the password are chosen at random from those four sets.
//
// The available characters in each set are user friendly - there are no ambiguous
// characters such as i, l, 1, o, 0, etc. This, coupled with the $add_dashes option,
// makes it much easier for users to manually type or speak their passwords.
//
// Note: the $add_dashes option will increase the length of the password by
// floor(sqrt(N)) characters.
function generateStrongPassword($length = 9, $add_dashes = false, $available_sets = 'luds')
{
$sets = array();
if(strpos($available_sets, 'l') !== false)
$sets[] = 'abcdefghjkmnpqrstuvwxyz';
if(strpos($available_sets, 'u') !== false)
$sets[] = 'ABCDEFGHJKMNPQRSTUVWXYZ';
if(strpos($available_sets, 'd') !== false)
$sets[] = '23456789';
if(strpos($available_sets, 's') !== false)
$sets[] = '!@#$%&*?';
$all = '';
$password = '';
foreach($sets as $set)
{
$password .= $set[array_rand(str_split($set))];
$all .= $set;
}
$all = str_split($all);
for($i = 0; $i < $length - count($sets); $i++)
$password .= $all[array_rand($all)];
$password = str_shuffle($password);
if(!$add_dashes)
return $password;
$dash_len = floor(sqrt($length));
$dash_str = '';
while(strlen($password) > $dash_len)
{
$dash_str .= substr($password, 0, $dash_len) . '-';
$password = substr($password, $dash_len);
}
$dash_str .= $password;
return $dash_str;
}
@PetterS
PetterS commented May 8, 2012

It would be more "user friendly" if it generated passwords from a list of words.

http://xkcd.com/936/ :-)

@annoyingmouse

Excellent - thank you!

@gopal1035

Thank you.

@witul
witul commented Aug 20, 2014

Thanks :)

@guidokritz

Great. Thanks!

@jabaru
jabaru commented Nov 20, 2014

thanks

@InforMedic

thx a lot!!

@StanleyNguma

Great Code

@marklockhart

Good work, thanks for the function

@kildeby
kildeby commented Jun 30, 2015

I can't seem to make it display the password? How do I use it?

  • nevermind, I found out. Just sharing -> add:

<?php
$password = generateStrongPassword(9);
echo "Suggestion for password: " . $password;
?>

@Shifrin: Your solution does not require a BIG LETTER, a small letter, a number (0-9) and a special character, which makes your password very much stronger.

@paragonie-scott

Head's up: This gist is not secure. Neither array_rand() nor str_shuffle() are cryptographically secure.

Recommended reading: How to generate secure passwords in PHP.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.