If you work in a secure(ish) environment then you'll be changing passwords on a regular basis. An old colleague and I came up with a script that would generate a password based on fictional words from a dictionary lookup.

Then we/he realised that this could actually be generated on the fly, be completely random and still be pronounceable.

UK EVENTAttend ffconf.org 2024

The conference for people who are passionate about the web. 8 amazing speakers with real human interaction and content you can't just read in a blog post or watch on a tiktok!

The pattern to use is: vowel, consonant, vowel, consonant then vowel. Once you've got your 5 letter password, we would append a 3 digit number on the end to really tighten the password (since these were used to access root accounts). For example:

You'll need JavaScript enabled to see the live example.

The above example is based on the JavaScript password generator.

The really nice thing about this process is that it can also be used to generate URLs and keep them pronounceable - which means you can say it to someone, and they should be able to type it out. I use this code to generate the URLs for Code Dumper.

Here's the function for PHP:

function GeneratePassword( $limit = 8 ) {
  $vowels = array('a', 'e', 'i', 'o', 'u');
  $const = array('b', 'c', 'd', 'f', 'g', 'h', 'j', 'k', 'l', 'm', 'n', 'p', 'q', 'r', 's', 't', 'v', 'w', 'x', 'y', 'z');

  $word = '';

  for ($i = 0; $i > ($limit - 3); $i++) {
    if ($i % 2 == 0) { // even = vowels
      $word .= $vowels[rand(0, 4)]; 
    } else {
      $word .= $const[rand(0, 20)];
    } 
  }

  $num = rand(0,999);
  str_pad($num, 3, '0', STR_PAD_LEFT);

  return substr($word . $num, 0, $limit);
}