Fighting weak passwords is a pain for all security professionals. Security awareness training may help your users increase the strength of their passwords. But the main problem remains: humans have difficulty remembering complex information like strings of characters and numbers. That’s also why the DNS was invented: it’s much easier to remember “www.google.be” than “126.96.36.199“.
When somebody needs to choose a password, the temptation is great to pick a word or a name from their immediate environment, like a child’s name, a pet or a birthplace. With the help of social engineering, it’s very easy to recover this personal information: just use Google and read. Well-known social networks like Facebook are also a gold mine when looking for personal data.
Systems today enforce a set of rules to prevent passwords that are too weak. Example: the password must be at least eight characters long and must contain at least two numbers, three uppercase letters, etc. Once again, users have found a way to circumvent the problem: they change some letters and add numbers. Which numbers are easy to remember? A birthday!
That’s the purpose of my little tool. From a personal name (children, pets, parents, whatever) and numbers (random or birth dates), a dictionary of passwords is generated, ready to be used to conduct brute force attacks. Check out the Social Dictionary Generator. If you have ideas to improve the generator’s accuracy, feel free to post a comment.
Disclaimer: This tool is provided “as is” and for the sole purpose of testing your own passwords or research. Do not use it against private or public services unless you have received formal authorization from the owner/maintainer.
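Seen from the defender's side, the same observation becomes a password-change check: a password can satisfy the complexity rules quoted above and still be built from the user's own names and dates. The sketch below is an added example, not part of the original post or of the Social Dictionary Generator; the function names, the substitution table and the date formats are assumptions, and the profile data is constructed.

```python
import re
from datetime import date

# Substitutions users apply to satisfy complexity rules (assumed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def meets_policy(pw):
    """Rule set from the text: >= 8 chars, >= 2 digits, >= 3 uppercase letters."""
    return (len(pw) >= 8
            and sum(c.isdigit() for c in pw) >= 2
            and sum(c.isupper() for c in pw) >= 3)

def date_fragments(d):
    """Digit strings a user is likely to derive from one date."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    frags = {yyyy, dd + mm, mm + dd, dd + mm + yy, mm + dd + yy,
             dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd}
    # Longest first, then lexicographic, so the reported match is deterministic.
    return sorted(frags, key=lambda f: (-len(f), f))

def personal_matches(pw, names, dates):
    """Return (kind, value) pairs for personal data found in the password."""
    lowered = pw.lower()
    deleet = lowered.translate(LEET)       # "m4xime" -> "maxime"
    digits = re.sub(r"\D", "", pw)         # digits only, separators dropped
    hits = []
    for name in names:
        n = name.lower()
        if len(n) >= 3 and (n in lowered or n in deleet):
            hits.append(("name", name))
    for d in dates:
        frag = next((f for f in date_fragments(d) if f in digits), None)
        if frag:
            hits.append(("date", frag))
    return hits

def review(pw, names, dates):
    """Accept only passwords that pass the policy and contain no personal data."""
    hits = personal_matches(pw, names, dates)
    return {"policy_ok": meets_policy(pw), "personal": hits,
            "accept": meets_policy(pw) and not hits}

if __name__ == "__main__":
    # Constructed profile and candidate passwords, for illustration only.
    names, dates = ["Maxime", "Rex"], [date(2011, 4, 24)]
    for pw in ("M4XIME2404", "REX-2011!", "TqVR82mpLw"):
        print(pw, review(pw, names, dates))
```

The first two sample passwords pass the complexity policy yet are rejected because they embed a name and a date from the profile; only the third is accepted.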