Random password generation
Hi All,
We have a link on login page "Forgot Password" ?
As users clicks the link, idea is he goes to page that has emails address and submit button.
As user enters his emails address and clicks submit, the mechanism gemerates a new password and sends it over to his email address.
My question is, "I dont know how to generate that new random password."
Is there a code around, that I can use ?
thanks a lot,
pp
It's easy enough to generate a random password. Use a
constant string containing your alphabet (different
systems have different rules about what characters
are allowed). Then us Random first to generate a
suitable length, then to pick a character from your
alphabet for each slot. If there are further rules
(e.g. "must contain at least one digit") then check
the password you've just generated and if it fails
the test, simply try again.
But this isn't a particularly good system. It allows
anyone to harrass a user by changing their password
if they can guess their user name.
The approach I favour is to send the user a one-time
click-thru URL in an e-mail which allows them to set
their password to anything they chose. That needs a
special table in some data base. You generate a
random token which acts as a one-shot password on a
special "change password" page. As soon as the click
through has been used then the database entry is
deleted so that the token is invalidated. You should
also invalidate the token if they log on in the
normal way.I agree that the 'forgot your password' feature is nasty. I mean, we are normally enjoined from saying "invalid user id" or "invalid password", we have to say "invalid user id / password combination" or something to that effect. But by providing the 'forgot your password' feature, it would be trivial to write a bot to see which sites provide this, determine a good page from a bad (e.g., valid user id) and then have an easier time brute-forcing the password. Sad.
On the other hand, I know personally that many companies are concerned with phishing attacks on their customers. As such, they have a blanket policy prohibiting any URL that hits a secured page in any way.
So, what to do? :^(
- Saish
Similar Messages
-
OIM 11g R2 - User random password Generation
Hi All,
In my case users are getting created in OIM using Trusted source reconciliation and need to populate a random password for each user.
Please suggest me which of the following methods is better and why?
Method 1: Created a post Event Handler and populate password attribute. This case I created a custom Post event handler and populated password attribute and is success but the password stored in database is plain text and so not able login to Adminconsole with same password. So, how to encrypte password and then store in DB?
Method 2: Create entity adapter and attach to user form using Data object manager
Or, please suggest me any other best way.
Thanks in advance.Hi,
Users are being created thru trusted source recon and password is not automatically getting populated. I verified it, by checking USR_PASSWORD attribute in USR table and it is empty. -
Disable random Password generation button on Reset Password popup window.
Hi ALL,
We have a new requirement when user click on reset password tab on "Modify User" page, a pop up window will open with two options :
1) Manually change the Password
2) Auto-generate the Password (Randomly generated)
I want to remove or disable this 2nd option. Can you please guide me what necessary changes required?
Thanks,
AmitIt's easy enough to generate a random password. Use a
constant string containing your alphabet (different
systems have different rules about what characters
are allowed). Then us Random first to generate a
suitable length, then to pick a character from your
alphabet for each slot. If there are further rules
(e.g. "must contain at least one digit") then check
the password you've just generated and if it fails
the test, simply try again.
But this isn't a particularly good system. It allows
anyone to harrass a user by changing their password
if they can guess their user name.
The approach I favour is to send the user a one-time
click-thru URL in an e-mail which allows them to set
their password to anything they chose. That needs a
special table in some data base. You generate a
random token which acts as a one-shot password on a
special "change password" page. As soon as the click
through has been used then the database entry is
deleted so that the token is invalidated. You should
also invalidate the token if they log on in the
normal way.I agree that the 'forgot your password' feature is nasty. I mean, we are normally enjoined from saying "invalid user id" or "invalid password", we have to say "invalid user id / password combination" or something to that effect. But by providing the 'forgot your password' feature, it would be trivial to write a bot to see which sites provide this, determine a good page from a bad (e.g., valid user id) and then have an easier time brute-forcing the password. Sad.
On the other hand, I know personally that many companies are concerned with phishing attacks on their customers. As such, they have a blanket policy prohibiting any URL that hits a secured page in any way.
So, what to do? :^(
- Saish -
Reset Password :Non Random Password
When an admin resets a users password via Reset User Password workflow a random password is generated. In the Reset User Password workflow I am unable to identify the activity that does the generation. I would like to instead set a default static password, is this possible?
Thank you,
ClearHi,
Actually password generation is part of Reprovision process in Reset User Password workflow. can see below trace :
Argument op = reProvision
Argument accountId = KSolanki
Argument options = object
Argument retryEnable = true
Calling application 'com.waveset.provision.WorkflowServices'
Application requested argument op
Application requested argument user
Application requested argument options
Application requested all arguments
Application requested argument subject
Application reference retryInfo = null
Application requested argument retryEnable
Application assignment retryInfo.timeout = 0
Application reference retryInfo =
<Object>
<Attribute name='timeout'>
<Integer>0</Integer>
</Attribute>
</Object>
Application requested argument doResources
Application reference AllowPasswordGeneration = null
Application requested argument allowPasswordGeneration_
~ Ketan -
i want to create random password.the pass word should contain more than 6 charactres and conatain only 0 to 9 and alphabits(capital letters and small letters0.
how to create this pass wordI'm still not getting why are you looking for this?
But, perhaps you are looking for dbms_random package.
http://www.psoug.org/reference/dbms_random.html
Again, be careful to use this package in case of your password generation logic.
Regards.
Satyaki De. -
What algorithm does Excel 2010 use for Pseudo Random Number Generation (MT19937?)
Does Excel 2010+ use the Mersenne Twister (MT19937) algorithm for Pseudo Random Number Generation (PRNG), implemented by the RAND() function?
This has been a nagging question for some time now, with "hints" that it indeed does. However, a relatively thorough search turns up no definitive documentation. The most direct indication is perhaps given by Guy Melard [Ref 9] where
he tests Excel 2010's RAND() function using the Crush battery of tests in TestU01 by L'Ecuyer & Simard. Melard references a "semi-official" indication that Microsoft did indeed implement MT19937 for the RAND() function in
Excel 2010, but this reference no longer seems to be available. http://office.microsoft.com/enus/excel-help/about-solver-HP005198368.aspx?pid=CH010004571033.
The other references below [Ref 1-10] document the history of the statistical suitability of the PRNG and probability distributions in various versions of Excel. This includes the Wichmann-Hill PRNG implementations supposedly (arguably) used in
Excel 2003 & 2007 for random number generation. But still, we have no answer as to which PRNG algorithm is used in
Excel 2010 (and 2013 for that matter).
Microsoft indicates that RAND() has been improved in Excel 2010; Microsoft states, "...and the RAND function now uses a new random number algorithm." (see https://support.office.com/en-ca/article/Whats-New-Changes-made-to-Excel-functions-355d08c8-8358-4ecb-b6eb-e2e443e98aac).
But no details are given on the actual algorithm. This is critical for Monte Carlo methods and many other applications.
Any help would be much appreciated. Thanks.
[Ref 1] B. McCullough, B. Wilson. On the Accuracy of Statistical Procedures in Microsoft Excel 97.
Computational Statistics & Data Analysis. Vol. 31 No. 1, pp 27-37. July 1999.
http://users.df.uba.ar/cobelli/LaboratoriosBasicos/excel97.pdf
[Ref 2]L. Knüsel. On the accuracy of the statistical distributions in Microsoft Excel 97. Computational Statistics & Data Analysis. Vol. 26 No. 3, pp 375-377. January 1998.
http://www.sciencedirect.com/science/article/pii/S0167947397817562
[Ref 3]B. McCullough, B. Wilson. On the Accuracy of Statistical Procedures in Microsoft Excel 2000 and Excel XP.
Computational Statistics & Data Analysis. Vol.40 No. 4, pp 713-721. October 2002.
https://www.researchgate.net/publication/222672996_On_the_accuracy_of_statistical_procedures_in_Microsoft_Excel_2000_and_Excel_XP/links/00b4951c314aac4702000000.pdf
[Ref 4] B. McCullough, B. Wilson. On the Accuracy of Statistical Procedures in Microsoft Excel 2003.
Computational Statistics & Data Analysis. Vol.49. No. 4, pp 1244-1252. June 2005.
http://www.pucrs.br/famat/viali/tic_literatura/artigos/planilhas/msexcel.pdf
[Ref 5] L. Knüsel. On the accuracy of statistical distributions in Microsoft Excel 2003. Computational Statistics & Data Analysis, Vol. 48, No. 3, pp 445-449. March 2005.
http://www.sciencedirect.com/science/article/pii/S0167947304000337
[Ref 6]B. McCullough, D.Heiser. On the Accuracy of Statistical Procedures in Microsoft Excel 2007.
Computational Statistics & Data Analysis. Vol.52. No. 10, pp 4570-4578. June 2008.
http://users.df.uba.ar/mricci/F1ByG2013/excel2007.pdf
[Ref 7] A. Yalta. The Accuracy of Statistical Distributions in Microsoft<sup>®</sup> Excel 2007. Computational Statistics & Data Anlaysis. Vol. 52 No. 10, pp 4579 – 4586. June 2008.
http://www.sciencedirect.com/science/article/pii/S0167947308001618
[Ref 8] B. McCullough. Microsoft Excel’s ‘Not The Wichmann-Hill’ Random Number Generators. Computational Statistics and Data Analysis. Vol.52. No. 10, pp 4587-4593. June 2008.
http://www.sciencedirect.com/science/article/pii/S016794730800162X
[Ref 9] G. Melard. On the Accuracy of Statistical Procedures in Microsoft Excel 2010. Computational Statistics. Vol.29 No. 5, pp 1095-1128. October 2014.
http://homepages.ulb.ac.be/~gmelard/rech/gmelard_csda23.pdf
[Ref 10] L. Knüsel. On the Accuracy of Statistical Distributions in Microsoft Excel 2010. Department of Statistics - University of Munich, Germany.
http://www.csdassn.org/software_reports/excel2011.pdfI found the same KB article:
https://support.microsoft.com/en-us/kb/828795
This was introduced (according to the article) in Excel 2003. Perhaps the references in notes 2 and 3 might help.
The article describes combining the results of 3 generators, each similar to a Multiply With Carry (MWC) generator, but with zero carry. MWC generators do very well on the Diehard battery of randomness tests (mentioned in your references), and have
very long periods. But using zero carry makes no sense to me.
Combining the three generators only helps if the periods of the 3 are relatively prime (despite what the article implies). Then the period of the result will be the product of the 3 periods. But without knowing the theory behind these generators, I have
no idea what the periods would be. The formulas for MWC generators fail here.
Richard Mueller - MVP Directory Services -
Generating a random password and sending a userid through mail to the user
HI,
I have a field named UserID in the process form,this user id can only be accessed by the GIA PROVISIONING ANALYST for updation of the userid to provision the resource to some related id of the user .I want to send this user ID from the process form in a mail to the target user,moreover i also want to include a password field nd also send a random password to the user.In short i want to obtain the values of user id and password send it in a email to the target userThis is the body of my email template:
Request number: <Request Information.Request ID>
The following access has been granted:
Name: <Request Information.List of user targets being requested for>
ID: <User Profile Information.User Login>
Resource: <Object Information.Object Name>
Updated UserID:<Process Data Information.RSS User Name>
In this case the "Updated UserID " is to be obtained from the Process Form and has to be sent in the mail.
"RSS User Name" is the field label in the process form.when this email is sent iam not able to retrieve the values .The same statement ie."Updated UserID:<Process Data Information.RSS User Name>" is displayed in the email .
I have even tried giving <Process Information.RSS User Name> and <Process Data Information.Process Name.RSS User Name> still the value is not obtained.Plz guide me through this. -
Pages created a random password for my document on my iPad. I have no idea what it is and I can't open my document. HELP!!!
How old is your son?
Under the Spanner in Pages there is Set Password where you create a password with hint. You really have to deliberately dig this out to do it.
Do you get a hint when you are asked for the password?
The Password is very secure, if you can't remember what it is, you will have to recreate the document.
Peter -
How to create a procedure to change randomly passwords
Hello,
I am trying to create a procedure to change randomly passwords for all users in a database. I need this after the database cloning. I have too many users to alter in a manual way...
Is there any option to create a procedure which will fetch all users in a database and alter them by a random password?
I was not able to find any clue.
Could you help me?
ThanksWelcome to the forum.
change randomly passwords for all users in a database.All users? Including SYS/SYSTEM? I hope not...
But you could use DBMS_RANDOM.STRING and ALL_USERS and dynamic SQL.
http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14258/d_random.htm#sthref4675
http://download.oracle.com/docs/cd/B19306_01/server.102/b14237/statviews_2114.htm#REFRN20302
http://download.oracle.com/docs/cd/B19306_01/appdev.102/b14261/dynamic.htm#LNPLS01101
(easy to find when you do a quick search from http://www.oracle.com/pls/db102/homepage or http://www.oracle.com/pls/db112/homepage)
DBMS_RANDOM.STRING can give you a random password easily:
select dbms_random.string('x', 10)
from dual
connect by level <= 10;Zo you could do something like:
begin
for rec in ( select t.username
, dbms_random.string('x', 10) new_pass
from all_users t
-- where t.username not in (...)
-- or
-- where t.username in (...)
loop
--execute immediate ' alter user '||rec.username||' identified by '||rec.new_pass;
dbms_output.put_line ('New password for user '||rec.username||' = '||rec.new_pass);
end loop;
end;
/You'll have to fill in the where-clause yourself/
I also commented out the dynamic alter user statement, since I'm not sure if you really want to reset the pwd's for all users.
Also, instead of using dbms_output.put_line to check the new passwords, you could insert them in a table or spool the output to a file. -
How to lock a user by using random password?
hello,
i need to lock a user from a target system by pushing in random passwords for the accounts. i am successfully able to create an adapter that can generate a random string, but the place where i am stuck is that where to use it as i just need to lock the user and not delete it. if the corresponding manager approves the suspension then the account needs to be deleted else again the account needs to be enabled.
Please help!
Thanks!ok... sorry...
so what i did is that i have created a resource that has to be provisioned to the user if the user is to be terminated, in which the manager will mention the user to be terminated and the reason.
now OIM has to lock the user till the reason that has been given by the manager is deemed valid by the second level manager.
so for that i have a approval and a process form and processes associsted with them. but the problem is that i need to lock the user using the "Entity Adapter" so i need to do so only in the "Data Object Manager" and thus the problem starts as i dont know where to map the adapter that generates the random password so as to lock the user.
please, if you find anything confusing here, go thru the discussion in the whole of the thread.
Thanks! -
Getting the random password to user email or manager email
Hi All,
when the user is created then the random password generated successfully.
Now i want sent the generated password to User Email or Manager Email.
For that how can I approch for this.
Regards,
ADRWrite your logic to send email in the same class which is responsible for generating password for user:
Re: Send Mail via java code but using Mail Definitions -
Hi,
I use PHP and MySQL within Dreamweaver
I want my client to be able to generate a new random password
for a new member.
How should I do this?
Create a list of random passwords or
can I create it on the fly while registering a new member?
I don't want the new member to create his own password.
Thanks to all people contributing to this forum.
I learned a lot here allready.
I hope you can also help me out with this one.
Jos> can I create it on the fly while registering a new
member?
That would be the best way.
I have used this to produce random, 8 character passwords
(the database part
is to make sure that they are unique) -
function randomkeys($length)
$pattern =
"234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
for($i=0;$i<($length);$i++)
if(isset($key))
$key .= $pattern{rand(0,strlen($pattern)-1)};
else
$key = $pattern{rand(0,strlen($pattern)-1)};
return $key;
mysql_select_db($database_selectData, $selectData);
$query_rsPasswords = "SELECT contactPassword FROM
tblcontactdata";
$rsPasswords = mysql_query($query_rsPasswords, $selectData)
or
die(mysql_error());
$row_rsPasswords = mysql_fetch_assoc($rsPasswords);
$totalRows_rsPasswords = mysql_num_rows($rsPasswords);
$masterList=array();
$passwords=array();
$rsPasswordList = mysql_query("SELECT contactPassword FROM
tblcontactdata",$selectData)
or die(mysql_errno()." : ".mysql_error());
while ($rec = mysql_fetch_row($rsPasswordList)){
$passwords[] = $rec[0];
$unique = false;
while ($unique === false) {
$temp = randomkeys(8); // this is generating a random
8-character p/w
if(!in_array($temp, $passwords)) {
$newPassword = $temp;
$unique = true;
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go
- DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs,
Tutorials & Resources
==================
"arnhemcs" <[email protected]> wrote in
message
news:[email protected]...
> Hi,
>
> I use PHP and MySQL within Dreamweaver
> I want my client to be able to generate a new random
password for a new
> member.
>
> How should I do this?
> Create a list of random passwords or
> can I create it on the fly while registering a new
member?
> I don't want the new member to create his own password.
>
>
>
>
> Thanks to all people contributing to this forum.
> I learned a lot here allready.
>
> I hope you can also help me out with this one.
>
> Jos
> -
Hi everyone, I made this Password Generator that does what I want, but I'd like to extend its functionality. Right now it creates a random password from an array of letters and numbers.
import java.io.*;
import javax.swing.*;
import java.util.*;
*Version 0.1:
*creates several random passwords using numbers,
*uppercase and lowercase letters
*Version 0.2:
*add a save feature
public class PasswordGeneratorV02
public static void main(String[] args)
* Define all variables and create all objects here
// create the Number and Letter arrays
Integer[] numberList = new Integer[10];
String[] letterList = new String[12];
//Variable to continue the while loop
Boolean cont = true;
//Scanner used to continue or not
Scanner input = new Scanner(System.in);
//Stores the user input
String answer;
* End variables
//fill the letterList array
//need to find a more efficient way to do this
//and add all the letters of the alphabet
letterList[0] = "a";
letterList[1] = "F";
letterList[2] = "c";
letterList[3] = "R";
letterList[4] = "y";
letterList[5] = "O";
letterList[6] = "p";
letterList[7] = "W";
letterList[8] = "q";
letterList[9] = "n";
letterList[10]= "E";
letterList[11]= "w";
// fill it with numbers 0-9
for (int i=0; i < numberList.length; i++)
numberList= i;
// make both arrays lists so we can shuffle them
List list = Arrays.asList(numberList);
List list2 = Arrays.asList(letterList);
//Start the output to user
System.out.println("Welcome to the random password generator!");
System.out.println("This program will create a random 20 character alphanumeric password.");
System.out.println();
//Shuffles the array contents then prints it out.
while(cont == true)
// shuffle the list
Collections.shuffle(Arrays.asList(numberList));
Collections.shuffle(Arrays.asList(letterList));
// print out the shuffled array contents
for (int i : numberList)
System.out.print(i + letterList[i]);
System.out.println();
System.out.println("Press Enter for a new password. Q to quit.");
answer = input.nextLine();
//check to see if user wants to quit
if(answer.equalsIgnoreCase("q"))
cont = false;
System.out.println("Goodbye...");
}I would like to change/add two things.
1st, I want to change the array of letters to include the full alphabet(lower and uppercase), with out having to type it in.
2nd, I would like to add a save feature where the user types in "S" at the prompt and it will allow them to save the password as a text file.
Thanks in advance.Ok well, I googled around and found something.
The output now displays letters, but it no longer shuffles them around. For example:
6A8B7C4D2E0F5G1H3I9J
Every letter is just the next letter in the alphabet. How would I shuffle an array of chars?
New code:
import java.io.*;
import javax.swing.*;
import java.util.*;
*Version 0.1:
*creates several random passwords using numbers,
*uppercase and lowercase letters
*Version 0.2:
*add a save feature
public class PasswordGeneratorV02
public static void main(String[] args)
* Define all variables and create all objects here
// create the Number and Letter arrays
Integer[] numberList = new Integer[10];
char[] letterList = "ABCDEFGHIJKLMNOPQRSTUWVXYZabcdefghijklmnpqrstuvwxyz".toCharArray();
//Variable to continue the while loop
Boolean cont = true;
//Scanner used to continue or not
Scanner input = new Scanner(System.in);
//Stores the user input
String answer;
* End variables
// fill it with numbers 0-9
for (int i=0; i < numberList.length; i++)
numberList= i;
// make both arrays lists so we can shuffle them
List list = Arrays.asList(numberList);
List list2 = Arrays.asList(letterList);
//Start the output to user
System.out.println("Welcome to the random password generator!");
System.out.println("This program will create a random 20 character alphanumeric password.");
System.out.println();
//Shuffles the array contents then prints it out.
while(cont == true)
// shuffle the list
Collections.shuffle(Arrays.asList(numberList));
Collections.shuffle(Arrays.asList(letterList));
// print out the shuffled array contents
for (int i=0;i<numberList.length;i++)
System.out.print(numberList[i] + String.valueOf(letterList[i]));
System.out.println();
System.out.println("Press Enter for a new password. Q to quit.");
answer = input.nextLine();
//check to see if user wants to quit
if(answer.equalsIgnoreCase("q"))
cont = false;
System.out.println("Goodbye..."); -
i need the source code of random email generation.
Can explain How you want the random email , or you want any unrepeated emails?
-
Self-Registration System Password Generation
I have a requirement where the OIM System should generate user passwords and email it to them during the Self-Registration process. I could of sworn that I say this in the documentation someplace. However, for the life of me I can't find it again. Is this possible, and if so how do I accomplish it?
Thanks,
PeteSo I take it that the "Event Handler" framework doesn't really apply to the Self Registration Process. However, I think I could still add a pre-process event handler to the Xellerate User since this account will eventually be created. This I believe would take care of the password generation. I can send the email from the SOA composite upon approval if necessary.
The one outstanding thing I see is that if I remove "Password" and "Password Generated" from the Self-Register User Request Template that the Password Policy box still remains in the interface. Is the only way for me to get rid of this is to generate a completely new Request Template and specify the template on the URL?
Pete
Maybe you are looking for
-
How to keep Retainage amount information and pay later
Hi, We have a scenario where in we deduct a certain % of amount from the subcontractor for each bill submitted by him on various types of clauses with him and once the contract is done at the final bill the amount is repaid to him. How to capture in
-
Identity Management for portal forms
where do i find, Identity Management 10gR3? kindly, as Portal form, reports, discoveres installation says Required Additional Software: WebLogic Server Repository Creation Utility Identity Management SSO Metadata Repository Creation Assistant Patch S
-
Font Issue with After Effects CC
I am running After Effects CC (on Mavericks). After creating an animation using fonts from Typekit, I now am having trouble where the fonts flicker back and forth between two different ones during the animation. At first, I thought I accidentally did
-
TS1389 how do i change security questions if i forgot the answers to the questions asked d
how do i change the security questions on i tunes so that i can purchase music?
-
VISA erreur 1073676294​, Probleme d'adaptate​ur USB/GPIB
Bonjour à tous Je communique avec un oscillo tektronix grace à une liaison GPIB. N'ayant pas de carte GPIB sur mon ordinateur, j'utilise un adapteur qui convertit la liaison en GPIB en USB pour le brancher à l'ordi. Or lorsque je teste de communiquer