https://github.com/tomfaulkner/simple-password-generation
Generate and check secure passwords in Python
haveibeenpwned password-generator passwords security
Last synced: 3 months ago
- Host: GitHub
- URL: https://github.com/tomfaulkner/simple-password-generation
- Owner: TomFaulkner
- Created: 2019-03-09T19:32:55.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2022-03-17T01:39:35.000Z (over 3 years ago)
- Last Synced: 2025-06-28T13:48:02.690Z (3 months ago)
- Topics: haveibeenpwned, password-generator, passwords, security
- Language: Python
- Size: 732 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
README
# simple-password-generation
Generate and check secure passwords in Python.
This is intended for use as a password strength checking and suggestion library for APIs, though it could also be integrated into a password database application.
# Usage
```python
>>> from simple_pass import create_password, check_havebeenpwned, scoring
>>> password = create_password()
>>> print(password)
unfurcate necessitate nonfact retrogradation swathband orthitic
>>> check_havebeenpwned(password)
True
>>> scoring(password)
(True, 75)
```

## HaveIBeenPwned
Generated passwords are automatically and securely checked against the [HaveIBeenPwned](https://haveibeenpwned.com) database.
Partial hashes are sent using the HaveIBeenPwned API. These cannot be reconstructed to determine the checked password.

User-generated passwords can be checked by calling `check_havebeenpwned(password)`.
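The partial-hash lookup described above, as an added example that is not this library's own code: the HaveIBeenPwned range API receives only the first five hex characters of the password's SHA-1 digest and returns `SUFFIX:COUNT` lines, which are matched locally. The function names and the sample response body are constructed for illustration, and no network request is made.

```python
import hashlib

# HaveIBeenPwned range endpoint; only the 5-character prefix goes into the URL.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

# Constructed response body: the count and the second and third lines are
# made up; the first line is the real SHA-1 suffix of the string "password".
SAMPLE_RANGE_BODY = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:12345\r\n"
    "00000000000000000000000000000000AAA:3\r\n"
    "11111111111111111111111111111111BBB:0\r\n"  # padding-style entry, count 0
)


def split_hash(password):
    """Return (prefix, suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix, range_body):
    """Find our suffix among the SUFFIX:COUNT lines of a range response."""
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.isdigit():
            continue  # ignore blank or malformed lines
        if candidate.upper() == suffix:
            return int(count)  # padding entries legitimately carry 0
    return 0


def passes_check(password, range_body):
    """True when the password is absent from the range (hypothetical helper)."""
    _prefix, suffix = split_hash(password)
    return breach_count(suffix, range_body) == 0


if __name__ == "__main__":
    prefix, suffix = split_hash("password")
    print("sent to API :", RANGE_URL.format(prefix=prefix))
    print("kept locally:", suffix)
    print("seen in breaches:", breach_count(suffix, SAMPLE_RANGE_BODY))
```
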
## Scoring Options
Passwords can be checked with a scoring-based system using the following options.

```python
def scoring(
    password,
    *,
    minimum_length=8,
    minimum_score=20,
    points_for_lower=2,
    points_for_upper=2,
    points_for_numbers=2,
    points_per_special=2,
    special_characters=" !@#$%^&*()-=_+.,<>[]{}/?\\|",
    points_per_character=1,
):
```

I believe this scoring system encourages long and difficult to guess passwords by rewarding lengthy passwords and special characters, but without requiring a specific password format or frustrating rules.
## XKCD, Comics, Horses, and batteries
For wisdom on what makes a good password, see the famous [xkcd correct horse battery staple comic](https://xkcd.com/936/). The `correct horse battery staple` example passes with a score of 36 using the default parameters. It does not pass the HaveIBeenPwned check, however, as it is a well-known password that has probably been found in many breaches.