Generate random password string with requirements in javascript

Question

I want to generate a random string that has to have 5 letters from a-z and 3 numbers    How can I do this with JavaScript   I ve got the following script  but it doesn t meet my requirements           var chars    0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz           var string length   8          var randomstring               for  var i 0  i lt string length  i                  var rnum   Math floor Math random     chars length               randomstring    chars substring rnum rnum 1

User · Answer

My Crypto based take on the problem  Using ES6 and omitting any browser feature checks  Any comments on security or performance   const generatePassword       passwordLength   12    passwordChars    0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz       gt        window crypto getRandomValues new Uint32Array passwordLength         map x   gt  passwordChars x   passwordChars length        join

User · Answer

As  RobW notes  restricting the password to a fixed number of characters as proposed in the OP scheme is a bad idea  But worse  answers that propose code based on Math random are  well  a really bad idea  Let s start with the bad idea  The OP code is randomly selecting a string of 8 characters from a set of 62  Restricting the random string to 5 letters and 3 numbers means the resulting passwords will have  at best  28 5 bits of entropy  as opposed to a potential of 47 6 bits if the distribution restriction of 5 letters and 3 numbers were removed   That s not very good  But in reality  the situation is even worse  The at best aspect of the code is destroyed by the use of Math random as the means of generating entropy for the passwords  Math random is a pseudo random number generator  Due to the deterministic nature of pseudo random number generators the entropy of the resulting passwords is really bad   rendering any such proposed solution a really bad idea  Assuming these passwords are being doled out to end users  o w what s the point   an active adversary that receives such a password has very good chance of predicting future passwords doled out to other users  and that s probably not a good thing  But back to the just bad idea  Assume a cryptographically strong pseudo random number generator is used instead of Math random  Why would you restrict the passwords to 28 5 bits  As noted  that s not very good  Presumably the 5 letters  3 numbers scheme is to assist users in managing randomly doled out passwords  But let s face it  you have to balance ease of use against value of use  and 28 5 bits of entropy isn t much value in defense against an active adversary  But enough of the bad  Let s propose a path forward  I ll use the JavaScript EntropyString library which  quot efficiently generates cryptographically strong random strings of specified entropy from various character sets quot   Rather than the OP 62 characters  I ll use a character set with 32 characters chosen to reduce the use of easily confused characters or the formation of English words  And rather than the 5 letter  3 number scheme  which has too little entropy   I ll proclaim the password will have 60 bits of entropy  this is the balance of ease versus value   import   Entropy  charSet32   from  entropy-string  const random   new Entropy   bits  60  charset  charset32    const string   random string      quot Q7LfR8Jn7RDp quot   Note the arguments to Entropy specify the desired bits of entropy as opposed to more commonly seen solutions to random string generation that specify passing in a string length  which is both misguided and typically underspecified  but that s another story

User · Answer

I have written a small one inspired from your answer    function   g function   c  0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ  p    for i 0 i lt 8 i    p  c charAt Math floor Math random   62    return p   p g   while    A-Z   test p      0-9   test p      a-z   test p   p g    return p        This function returns the password and can be used in bookmarklet like   javascript alert TheCodeOfTheFunction

User · Answer

And finally  without using floating point hacks   function genpasswd n           36    11  gt  Number MAX SAFE INTEGER     if  n  gt  10          throw new Error  Too big n for this function        var x    0000000000    Math floor Number MAX SAFE INTEGER   Math random    toString 36       return x slice -n

User · Answer

I wouldn t recommend using a forced password as it restricts the User s Security but any way  there are a few ways of doing it -  Traditional JavaScript Method -  Math random   toString 36  slice -8     Using Random String  Install random string   npm install randomstring   Using it in App js -  var randStr   require  randomstring     var yourString   randStr generate 8     The Value of your password is being hold in the variable yourString   Don t Use A Forced Password   Forced Password can harm your security as all the passwords would be under the same character set  which might easily be breached

User · Answer

var letters     a   b   c   d   e   f   g   h   i   k   l   m   n   o   p   q   r   s   t   u   v   w   x   y   z        var numbers    0 1 2 3 4 5 6 7 8 9       var randomstring                for var i 0 i lt 5 i                 var rlet   Math floor Math random   letters length               randomstring    letters rlet                     for var i 0 i lt 3 i                 var rnum   Math floor Math random   numbers length               randomstring    numbers rnum                  alert randomstring

User · Answer

Ok so if I understand well you re trying to get a random string password which contains 5 letters and 3 numbers randomly positioned and so which has a length of 8 characters and you accept maj and min letters  you can do that with the following function   function randPass lettersLength numbersLength        var j  x  i      var result                     var letters          ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz       var numbers          0123456789       for  i   0  i  lt  lettersLength  i               result    letters charAt Math floor Math random     letters length              for  i   0  i  lt  numbersLength  i               result    numbers charAt Math floor Math random     numbers length              result   result split          for  i   result length - 1  i  gt  0  i--            j   Math floor Math random      i   1            x   result i           result i    result j           result j    x            result   result join          return result      x000D   x000D  function randPass lettersLength numbersLength    x000D      var j  x  i  x000D      var result                 x000D      var letters          ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz   x000D      var numbers          0123456789   x000D      for  i   0  i  lt  lettersLength  i       x000D          result    letters charAt Math floor Math random     letters length    x000D        x000D      for  i   0  i  lt  numbersLength  i       x000D          result    numbers charAt Math floor Math random     numbers length    x000D        x000D      result   result split      x000D      for  i   result length - 1  i  gt  0  i--    x000D          j   Math floor Math random      i   1    x000D          x   result i   x000D          result i    result j   x000D          result j    x  x000D        x000D      result   result join      x000D      return result x000D    x000D  console log randPass 5 3   x000D   x000D   x000D

User · Answer

Based on  Ryan Shillington answer above you may find this enhancment helpfull too  Think this is more secured then what was requeted on the original request in the question above   Password generated with at least 1 number  1 upper case character  1 lower case character and 1 Special character Password length is dynamic   x000D   x000D    Password generated with at least 1 number  1 upper case character  1 lower case character and 1 Special character function generatePassword            var passwordLength   randomIntFromInterval 10 20             var numberChars    0123456789         var upperChars    ABCDEFGHIJKLMNOPQRSTUVWXYZ         var lowerChars    abcdefghijklmnopqrstuvwxyz         var specialChars          amp  -           var allChars   numberChars   upperChars   lowerChars   specialChars        var randPasswordArray   Array passwordLength         randPasswordArray 0    numberChars        randPasswordArray 1    upperChars        randPasswordArray 2    lowerChars        randPasswordArray 3    specialChars        randPasswordArray   randPasswordArray fill allChars  4         if window crypto  amp  amp  window crypto getRandomValues                    return shuffleArray randPasswordArray map function x    return x Math floor window crypto getRandomValues new Uint32Array 1   0     0xffffffff   1    x length       join                      else if window msCrypto  amp  amp  window msCrypto getRandomValues                     return shuffleArray randPasswordArray map function x    return x Math floor window msCrypto getRandomValues new Uint32Array 1   0     0xffffffff   1    x length       join             else            return shuffleArray randPasswordArray map function x    return x Math floor Math random     x length       join                                function shuffleArray array               for  var i   array length - 1  i  gt  0  i--            var j   Math floor Math random      i   1            var temp   array i           array i    array j           array j    temp                   return array       generate random number in the range  min and max included  function randomIntFromInterval min  max          return Math floor Math random      max - min   1    min     x000D   lt input type  text  id  p9   gt   lt input type  button  value   pass generator  onclick  document getElementById  p9   value   generatePassword    gt  x000D   x000D   x000D

User · Answer

A little more maintainable and secure approach  An update to expand on what I meant and how it works   Secure  MDN is pretty explicit about the use of Math random for anything related to security   Math random   does not provide cryptographically secure random numbers  Do not use them for anything related to security  Use the Web Crypto API instead  and more precisely the window crypto getRandomValues   method   Looking at the can-i-use for getRandomValues in 2020 you probably don t need the msCrypto and Math random fallback any more  unless you care about ancient browsers   Maintainable is mostly about the RegExp  pattern as an easy way to define what character classes you allow in the password  But also about the 3 things where each does its job  defines a pattern  gets a random byte as securely as possible  provides a public API to combine the two     x000D   x000D  var Password          pattern     a-zA-Z0-9  -                 getRandomByte   function              http   caniuse com  feat getrandomvalues     if window crypto  amp  amp  window crypto getRandomValues               var result   new Uint8Array 1         window crypto getRandomValues result         return result 0             else if window msCrypto  amp  amp  window msCrypto getRandomValues               var result   new Uint8Array 1         window msCrypto getRandomValues result         return result 0             else             return Math floor Math random     256                   generate   function length          return Array apply null    length   length          map function                   var result          while true                       result   String fromCharCode this  getRandomByte               if this  pattern test result                           return result                                         this         join                        x000D   lt input type  text  id  p   gt  lt br  gt   lt input type  button  value   generate  onclick  document getElementById  p   value   Password generate 16   gt  x000D   x000D   x000D

User · Answer

This isn t exactly optimized  but it should work   var chars    ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz   var string length   8  var randomstring       var charCount   0  var numCount   0   for  var i 0  i lt string length  i             If random bit is 0  there are less than 3 digits already saved  and there are not already 5 characters saved  generate a numeric value       if  Math floor Math random     2     0   amp  amp  numCount  lt  3    charCount  gt   5            var rnum   Math floor Math random     10           randomstring    rnum          numCount    1        else              If any of the above criteria fail  go ahead and generate an alpha character from the chars string         var rnum   Math floor Math random     chars length           randomstring    chars substring rnum rnum 1           charCount    1           alert randomstring            Here s a jsfiddle for you to test on  http   jsfiddle net sJGW4 3

User · Answer

There is a random password string generator with selected length   x000D   x000D  let input   document querySelector  textarea    x000D  let button   document querySelector  button    x000D  let length   document querySelector  input    x000D   x000D  function generatePassword n   x000D    x000D   let pwd       x000D   x000D    while  pwd    pwd length  lt  n  x000D      x000D     pwd    Math random   toString 36  slice -22   x000D      x000D     x000D    return pwd substring 0  n   x000D    x000D   x000D  button addEventListener  click   function   x000D    x000D   input value   generatePassword length value   x000D      x000D   lt div gt password  lt  div gt  x000D   lt div gt  lt textarea cols  70  rows  10  gt  lt  textarea gt  lt  div gt  x000D   lt div gt length  lt  div gt  x000D   lt div gt  lt input type  number  value  200  gt  lt  div gt  x000D   lt br gt  x000D   lt button gt gen lt  button gt  x000D   x000D   x000D

User · Answer

Many answers  including the original of this one  don t address the letter- and number-count requirements of the OP  Below are two solutions  general  no min letters numbers   and with rules   General   I believe this is better general solution than the above  because    it s more secure than accepted highest-voted answer  and also more versatile  because it supports any char set in a case-sensitive manner it s more concise than other answers  for general solution  3 lines max  can be one-liner  it uses only native Javascript- no installation or other libs required   Note that   for this to work on IE  the Array fill   prototype must be polyfilled if available  better to use window crypto getRandomValues   instead of Math random    thanks  BenjaminH for pointing out    Three-liner   var pwdChars    0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz   var pwdLen   10  var randPassword   Array pwdLen  fill pwdChars  map function x    return x Math floor Math random     x length      join        Or  as one-liner   var randPassword   Array 10  fill  0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz   map function x    return x Math floor Math random     x length      join        With Letter   Number Rules  Now  a variation on the above  This will generate three random strings from the given charsets  letter  number  either  and then scramble the result    Please note the below uses sort   for illustrative purposes only  For production use  replace the below sort   function with a shuffle function such as Durstenfeld   First  as a function   function randPassword letters  numbers  either      var chars         ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz      letters     0123456789      numbers     ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789     either         return  letters  numbers  either  map function len  i        return Array len  fill chars i   map function x          return x Math floor Math random     x length           join           concat   join     split     sort function        return 0 5-Math random         join           invoke like so  randPassword 5 3 2     Same thing  as a 2-liner  admittedly  very long and ugly lines-- and won t be a 1-liner if you use a proper shuffle function  Not recommended but sometimes it s fun anyway     var chars     ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz   0123456789    ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789    var randPwd    5 3 2  map function len  i    return Array len  fill chars i   map function x    return x Math floor Math random     x length      join        concat   join     split     sort function   return 0 5-Math random     join

User · Answer

Forcing a fixed number of characters is a bad idea  It doesn t improve the quality of the password  Worse  it reduces the number of possible passwords  so that hacking by bruteforcing becomes easier   To generate a random word consisting of alphanumeric characters  use   var randomstring   Math random   toString 36  slice -8     How does it work   Math random                             Generate random number  eg  0 123456               toString 36               Convert  to base-36    0 4fzyo82mvyr                             slice -8     Cut off last 8 characters    yo82mvyr    Documentation for the Number prototype toString and string prototype slice methods

User · Answer

Generate a random password of length 8 to 32 characters with at least 1 lower case  1 upper case  1 number  1 spl char      amp       function getRandomUpperCase            return String fromCharCode  Math floor  Math random     26     65                   function getRandomLowerCase            return String fromCharCode  Math floor  Math random     26     97                    function getRandomNumber            return String fromCharCode  Math floor  Math random     10     48                   function getRandomSymbol                const symbol           amp          lt  gt                  const symbol        amp            return symbol  Math floor  Math random     symbol length                     const randomFunc     getRandomUpperCase  getRandomLowerCase  getRandomNumber  getRandomSymbol             function getRandomFunc             return randomFunc Math floor  Math random     Object keys randomFunc  length                   function generatePassword             let password               const passwordLength   Math random      32 - 8    8          for  let i   1  i  lt   passwordLength  i                   password    getRandomFunc                          check with regex         const regex           a-z        A-Z        d              amp    A-Za-z d       amp   8 32            if   password match regex                  password   generatePassword                      return password                 console log  generatePassword

User · Answer

Secure password with one upperCase char   let once   false       let newPassword   Math random   toString 36  substr 2  8  split     map  char    gt                        if  Number char   amp  amp   once                           once   true                          return char toUpperCase                                              return char                     join           console log newPassword

User · Answer

In case you need a password generated with at least 1 number  1 upper case character  and 1 lower case character   function generatePassword passwordLength      var numberChars    0123456789     var upperChars    ABCDEFGHIJKLMNOPQRSTUVWXYZ     var lowerChars    abcdefghijklmnopqrstuvwxyz     var allChars   numberChars   upperChars   lowerChars    var randPasswordArray   Array passwordLength     randPasswordArray 0    numberChars    randPasswordArray 1    upperChars    randPasswordArray 2    lowerChars    randPasswordArray   randPasswordArray fill allChars  3     return shuffleArray randPasswordArray map function x    return x Math floor Math random     x length       join         function shuffleArray array      for  var i   array length - 1  i  gt  0  i--        var j   Math floor Math random      i   1        var temp   array i       array i    array j       array j    temp        return array     alert generatePassword 12      Here s the fiddle if you want to play test  http   jsfiddle net sJGW4 155   Props to  mwag for giving me the start to create this

User · Answer

Easily generate random passwords with the help of this JavaScript code  For demo click  How to generate random passwords using JavaScript JavaScript code   lt script gt  const input   document querySelector  quot input quot    const button   document querySelector  quot  passgen quot    function GeneratePassword length   8    const cwb        quot ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789       amp       - quot      let password    quot  quot     for  let i   0  i  lt  length    i        let at   Math floor Math random      cwb length   1        password    cwb charAt at         return password    button addEventListener  quot click quot        gt      input value   GeneratePassword 8        lt  script gt

User · Answer

Any password generated with Math random   is EXTREMELY BAD  This function uses the system time as a seed for the random number generator   Anyone who knows the time the password was generated can easily brute-force the password  In almost all cases  this data is easily available - just take the registration time column in a hacked database  and test out all the values generated by the Math random   algorithm using the times from 15 to 0 minutes before  A password generated with Math random   is completely worthless because the time the password was first used is enough for cracking it

User · Answer

For someone who is looking for a simplest script  No while  true   no if else  no declaration   Base on mwag s answer  but this one uses crypto getRandomValues  a stronger random than Math random   Array 20     fill  0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz   -        map x   gt  x Math floor crypto getRandomValues new Uint32Array 1   0     0xffffffff   1    x length       join        See this for 0xffffffff   Alternative 1  var generatePassword       length   20    wishlist    0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz   -        gt  Array length         fill            map      gt  wishlist Math floor crypto getRandomValues new Uint32Array 1   0     0xffffffff   1    wishlist length           join       console log generatePassword       Alternative 2  var generatePassword       length   20    wishlist    0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz   -        gt    Array from crypto getRandomValues new Uint32Array length         map  x    gt  wishlist x   wishlist length        join      console log generatePassword      Node js  const crypto   require  crypto    const generatePassword       length   20    wishlist    0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz   -        gt    Array from crypto randomFillSync new Uint32Array length         map  x    gt  wishlist x   wishlist length        join      console log generatePassword

User · Answer

Try this  it works  enishant random password js Download script to your javascript application and call the function  randomPassword

User · Answer

Here s a way to create a flexible generator that allows you to add some rules  function generatePassword length  rules        if   length    length    undefined            length   8             if   rules    rules    undefined            rules                  chars   quot abcdefghijklmnopqrstuvwxyz quot   min  3       As least 3 lowercase letters              chars   quot ABCDEFGHIJKLMNOPQRSTUVWXYZ quot   min  2       At least 2 uppercase letters              chars   quot 0123456789 quot   min  2                       At least 2 digits              chars   quot      amp      -             quot   min  1          At least 1 special char                       var allChars    quot  quot   allMin   0      rules forEach function rule            allChars    rule chars          allMin    rule min              if  length  lt  allMin            length   allMin            rules push  chars  allChars  min  length - allMin             var pswd    quot  quot       rules forEach function rule            if  rule min  gt  0                pswd    shuffleString rule chars  rule min                              return shuffleString pswd      function shuffleString str  maxlength        var shuffledString   str split     sort function   return 0 5-Math random     join          if  maxlength  gt  0            shuffledString   shuffledString substr 0  maxlength             return shuffledString     var pswd   generatePassword 15       chars   quot abcdefghijklmnopqrstuvwxyz quot   min  4       As least 4 lowercase letters    chars   quot ABCDEFGHIJKLMNOPQRSTUVWXYZ quot   min  1       At least 1 uppercase letters    chars   quot 0123456789 quot   min  3                       At least 3 digits    chars   quot      amp      -             quot   min  2          At least 2 special chars      console log pswd  pswd length

User · Answer

x000D   x000D  var Password          pattern     a-zA-Z0-9  -                 getRandomByte   function              http   caniuse com  feat getrandomvalues     if window crypto  amp  amp  window crypto getRandomValues               var result   new Uint8Array 1         window crypto getRandomValues result         return result 0             else if window msCrypto  amp  amp  window msCrypto getRandomValues               var result   new Uint8Array 1         window msCrypto getRandomValues result         return result 0             else             return Math floor Math random     256                   generate   function length          return Array apply null    length   length          map function                   var result          while true                       result   String fromCharCode this  getRandomByte               if this  pattern test result                           return result                                         this         join                        x000D   lt input type  text  id  p   gt  lt br  gt   lt input type  button  value   generate  onclick  document getElementById  p   value   Password generate 16   gt  x000D   x000D   x000D

User · Answer

Create a Password generator service called PassswordGeneratorService  import   Injectable   from   angular core     Injectable   export class PasswordGeneratorService      generatePassword length number upper boolean numbers boolean symbols boolean        const passwordLength   length    12      const addUpper    upper      const addNumbers    numbers      const addSymbols    symbols       const lowerCharacters     a    b    c    d    e    f    g    h    i    j    k    l    m    n    o    p    q    r    s    t    u    v    w    x    y    z        const upperCharacters     A    B    C    D    E    F    G    H    I    J    K    L    M    N    O    P    Q    R    S    T    U    V    W    X    Y    Z        const numbers     0    1    2    3    4    5    6    7    8    9        const symbols                         const getRandom   array   gt  array Math floor Math random     array length         let finalCharacters            if  addUpper          finalCharacters   finalCharacters concat getRandom upperCharacters               if  addNumbers          finalCharacters   finalCharacters concat getRandom numbers               if  addSymbols          finalCharacters   finalCharacters concat getRandom symbols               for  let i   1  i  lt  passwordLength - 3  i            finalCharacters   finalCharacters concat getRandom lowerCharacters               return  finalCharacters split     sort      gt  0 5 - Math random    join              don t forget to add the service on the module your using    NgModule     imports        CommonModule      SharedModule      CommonModule      RouterModule forChild routes       FormsModule      ReactiveFormsModule      FlexLayoutModule      TranslateModule      ExistingUserDialogModule      UserDocumentsUploadDialogModule        declarations        UserListComponent      EditUserDialogComponent      UserEditorComponent        entryComponents        EditUserDialogComponent        providers        AuthService      PasswordGeneratorService        export class UsersModule        On you controller add a method which calls the generate password method inside the service and set the result on the password field    constructor       private passwordGenerator  PasswordGeneratorService          get newPassword         return this password get  newPassword          generatePassword         this newPassword setValue this passwordGenerator generatePassword 8 true true true

User · Answer

Well  you can always use window crypto object available in the recent version of browser   Just need one line of code to get a random number   let n   window crypto getRandomValues new Uint32Array 1   0     It also helps to encrypt and decrypt data   More information at MDN Web docs - window crypto

[javascript] Generate random password string with requirements in javascript

Examples related to javascript

Examples related to random