If you work in a secure(ish) environment then you'll be changing passwords on a regular basis. An old colleague and I came up with a script that would generate a password based on fictional words from a dictionary lookup.

Then we/he realised that this could actually be generated on the fly, be completely random and still be pronounceable.

MY EVENTAttend ffconf.org 2018

The UK's best JS and web development conference. 8 amazing speakers, workshops, socials — find out more & get tickets today.

The pattern to use is: vowel, consonant, vowel, consonant then vowel. Once you've got your 5 letter password, we would append a 3 digit number on the end to really tighten the password (since these were used to access root accounts). For example:

The above example is based on the JavaScript password generator.

The really nice thing about this process is that it can also be used to generate URLs and keep them pronounceable - which means you can say it to someone, and they should be able to type it out. I use this code to generate the URLs for Code Dumper.

Here's the function for PHP:

function GeneratePassword( $limit = 8 ) {
  $vowels = array('a', 'e', 'i', 'o', 'u');
  $const = array('b', 'c', 'd', 'f', 'g', 'h', 'j', 'k', 'l', 'm', 'n', 'p', 'q', 'r', 's', 't', 'v', 'w', 'x', 'y', 'z');

  $word = '';

  for ($i = 0; $i > ($limit - 3); $i++) {
    if ($i % 2 == 0) { // even = vowels
      $word .= $vowels[rand(0, 4)]; 
    } else {
      $word .= $const[rand(0, 20)];

  $num = rand(0,999);
  str_pad($num, 3, '0', STR_PAD_LEFT);

  return substr($word . $num, 0, $limit);

Want more?

Posts, web development learnings & insights, exclusive workshop and training discounts and more, direct to your inbox.

I won't send you any spam, and you can unsubscribe at any time. Powered by ConvertKit