Random Password Generator

whotime

Does anyone have a good Random Password Generator that they use at their help desk for resetting users passwords?

Lexluethar

IMO I would just require the end user to change their password at next login.

You can use a PW generator - but usually they create really complex passwords (which is great) that are so complex they require someone to email / message the password (which is not good).

We've found just allowing the service desk to reset the password to something easy, but requiring the 'user must change password at next login' box to be checked in AD once reset.

Yes there is a risk of a service desk person knowing a password - but if they have AD access they could go in and reset it to anything regardless if they wanted to and access that account. So take the lesser of two evils, allow them to use a generic (generic to that service desk person) password but require the end user to change it.

Just my two cents and what i've experienced at my company.

cyberguypr

Yes, I use: This 11-year-old is selling cryptographically secure passwords for $2 each | Ars Technica

I use internal tools but here a few options:
- https://lastpass.com/generatepassword.php
- https://identitysafe.norton.com/password-generator
- https://www.random.org/passwords/?mode=advanced

networker050184

Lexluethar wrote: »

IMO I would just require the end user to change their password at next login.

My thoughts exactly.

Danielm7

Agree with the others, make it something they can enter and then force change on login. I use lastpass to generate random ones but I can't imagine any of the users being able to enter those manually, and good luck explaining them over the phone.

dustervoice

Echoing what everyone said.. make it easy and require a password change. What i normally do when i worked in helpdesk was just to look at any object in the room and add a number at the end. So i would normally reset passwords to the likes of:

PaperDeck12345
CoffeeCup9
HPprinter123
BlackMonitor5
MyfavoritePen2

You get the point

Plantwiz

I agree with Network and Lexluethar, always have the end user create there own. Admins have the power to log into machines/accounts as needed and if there is a problem unique to the user, simple remote in or go to them and have them recreate the problem with you there. You can create a policy that requires specific difficulty for the password, but keep a balance between too difficult to where the end user writes the PW down and affixes a sticky to their monitor

Otherwise, it may be time to look into biometric log ins or FOBs, most environments do not need that extreme.

The caveat with an easy password after a reset is that it is required that the end user reset their PW immediately upon log in, which you should be able to set up. The follow up for you is to test the log in and confirm the password was reset, but if that is handled in group policy, you should not need to test it.

beads

cyberguypr wrote: »

Yes, I use: This 11-year-old is selling cryptographically secure passwords for $2 each | Ars Technica

I use internal tools but here a few options:
- https://lastpass.com/generatepassword.php
- https://identitysafe.norton.com/password-generator
- https://www.random.org/passwords/?mode=advanced

Yep, set last pass to 12+ characters and read the new password over the phone or give it to them the traditional way - on a postit. Of course a postit! Fits neatly on the monitor that way.

- b/eads

cyberguypr

I hate users so that's how I roll! I completely missed the part where the OP said "use at their help desk for resetting users passwords".