User created vs. php generated passwords

Posted on 2012-08-30
Last Modified: 2012-08-30
Normally a user creates a password; Hopefully a good one. Instead of the user creating the password, is there any reason a website should not use PHP to generate a unique password for the user? Are there pros and cons? Thanks.
Question by:kadin
    LVL 37

    Assisted Solution

    by:Aaron Tomosky
    If its actually random? Then there would be no security reason not to. However most people prefer ease of use to real security.
    LVL 36

    Accepted Solution

    In my point of view, both can be more secure if we choose very strong password with some criteria's. For example, for user generated passwords, we should ask them to choose with mixed case (numbers and symbols) etc., ref. User Generate Password

    At the same time, you can generate php based passwords using hash function etc., ref. Secure password using Hash

    Author Comment

    Thanks for your response.

    I thought It would be easier if a password was assigned to the user because the user would be saved the effort of thinking of a password to use. Plus the password the average user might think of will be to weak, thus prompting the form to ask the user to try something more complex.

    What exactly do you mean by ease of use. Thanks.
    LVL 107

    Assisted Solution

    by:Ray Paseur
    What if your automobile license plate is KNH-331 and you decide your password can be KNH-331?  Now consider that PHP assigns you a password that looks like this:
    6cedaad837375138d05c6d5c03e02376 or even like this: 6cedaad?  Which do you think is "easier?"

    Security is always a trade-off between client convenience and system integrity.  We choose different ways of thinking about bowling scores and nuclear codes.  Somewhere along the continuum there are "happy values" for our choices.
    LVL 29

    Assisted Solution

    by:Olaf Doschke
    Ease of use? Easy to remember. Even if you choose a secure password, or have it created for you, if you simply copy it into a passwords.txt and copy it from there, is it really safer? Password safety is a mixture of it's composition and how it's stored, and that's beyond your control.

    That said, it's very common you get initial passwords generated, eg for FTP to a web hosting space, but it's also very common a user signs up for a website with a self choosen username and password.

    Bye, Olaf.

    Author Closing Comment

    Thank you all for your input.
    LVL 1

    Expert Comment

    You should teach your users that a password like "Snowcamel@Tripcar" is actually better than "r9Rf#F7s" because it has a more characters and they can actually remember it without writing it down. They shouldnt use sentences or something that makes any sense, just random words.
    If you then store the hash of the password along with the length and check both on authentication, it should be pretty safe for brute force attacks...

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Security Threats Are You Missing?

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    Suggested Solutions

    Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
    Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
    The viewer will learn how to count occurrences of each item in an array.
    The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    14 Experts available now in Live!

    Get 1:1 Help Now