About

xkpasswd-js is an open source project that is the brainchild of developer and Security Specialist Bart Busschots. This JavaScript version of XKPASSWD is a port of Bart's original Perl code.

This new version is being developed primarily by Helma van der Linden along with other open source contributors. If you'd like to get involved in the development, including adding to the wishlist for features, read more here.

Philosophy

More and more of the things we do on our computer require passwords, and at the same time, it seems we hear about organisations or sites losing user databases on every day that ends in a 'y'. If we re-use our passwords we expose ourselves to an ever greater risk, but we need more passwords than we can possibly remember or invent. Coming up with one good password is easy, but coming up with one good password a week is a lot harder, let alone one a day!

Obviously we need some technological help. We need our computers to help us generate robust passwords and store them securely. There are many great password managers out there to help us securely store and sync our passwords, including commercial offerings and open-source projects. Many of these managers also offer to generate random passwords for us, usually in the form of a random string of meaningless letters, numbers, and symbols. These kinds of nonsense passwords are certainly secure, but they are often impractical.

Regardless of how good your chosen password manager is, there will always be times when you need to type in your passwords, and that's when random gibberish passwords become a real pain point. As annoying as it is to have to glance over and back at a small cellphone screen to manually type a gibberish password into a computer, that's nothing compared to the annoyance of trying to communicate such a password to a family member, friend, colleague, or customer over the phone.

Surely it would be better to have passwords that are still truly random in the way humans can't be, but are also human-friendly in the way random gibberish never will be? This is the problem XKPASSWD aims to solve.

Rather than randomly choosing many letters, digits, and symbols from a fairly small alphabet of possible characters, XKPASSWD chooses a small number of words from a large 'alphabet' of possible words as the basis for passwords. Words are easy to remember, easy to read from a screen, easy to type, and easy to communicate over the telephone.

XKPASSWD uses words to make up the bulk of the passwords it generates, but it also adds carefully placed random symbols and digits to add more security without the passwords being difficult to remember, read, type, or speak.

In short, XKPASSWD is for people who prefer passwords that look like this:

!15. play-MAJOR.fresh.FLAT. 23!

to passwords that look like this:

eB8.GJXa@TuM
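The word-based scheme described above, as an added sketch that is not the xkpasswd-js project's own code, with an entropy estimate to set against a random character string. The word and symbol lists are constructed samples, and the layout and the random per-word case are assumptions modelled on the sample password shown.

```javascript
// Web Crypto CSPRNG: global in browsers and recent Node; older Node uses the fallback.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Constructed sample lists; a real dictionary holds thousands of words.
const WORDS = ['play', 'major', 'fresh', 'flat', 'river', 'stone', 'cloud', 'amber',
  'tiger', 'maple', 'north', 'candle', 'orbit', 'velvet', 'harbor', 'pixel'];
const SYMBOLS = ['!', '@', '$', '%', '^', '&', '*', '-', '_', '+', '=', ':', '|', '~', '?', '.'];

// Uniform integer in [0, n) by rejection sampling, which avoids modulo bias.
function randomBelow(n) {
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

const pick = (list) => list[randomBelow(list.length)];
const twoDigits = () => String(randomBelow(100)).padStart(2, '0');

// Assumed layout: pad, digits, separator-joined words with random case, digits, pad.
function generate(numWords = 4, words = WORDS, symbols = SYMBOLS) {
  const sep = pick(symbols);
  const pad = pick(symbols);
  const chosen = Array.from({ length: numWords }, () => {
    const w = pick(words);
    return randomBelow(2) ? w.toUpperCase() : w.toLowerCase();
  });
  return pad + [twoDigits(), ...chosen, twoDigits()].join(sep) + pad;
}

// Entropy in bits when the attacker knows the layout and both lists.
function entropyBits(numWords, dictSize, symbolCount) {
  const combos = dictSize ** numWords // word choices
    * 2 ** numWords                   // upper or lower case per word
    * 100 ** 2                        // two 2-digit groups
    * symbolCount ** 2;               // separator and padding symbol
  return Math.log2(combos);
}

// Entropy in bits of `length` characters drawn uniformly from an alphabet.
const randomStringBits = (length, alphabetSize) => length * Math.log2(alphabetSize);
```
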