Skip to main content

Generating random passwords with a plugin

You can use a plugin to generate a list of randomly-selected passwords and display them to users. Users may then use one of these values when they choose new passwords.

Click below to view a demonstration.

To use a random password generator plugin, ensure that the plugin is located in the plugin directory, then add the plugin name to the generate random passwords with this plugin strength rule on the Manage the system > Policies > Password policies page.

Bravura Security Fabric is shipped with a default random password generator, randpasswd, that is used if this strength rule is not configured.

As of version 12.8, Bravura Security Fabric is shipped with advrandpassword, which generates more complex passwords than randpasswd. Ensure that advrandpasswd.exe is specified in the generate random passwords with this plugin strength rule, otherwise randpasswd is be used instead.

If your password policy includes complex regular expression rules, or if you use your own password strength plugin, you should use advrandpassword ora custom random password generator, rather than randpasswd.

See below for details on how to write a custom plugin.

See also

You can also use the GET PASSWORD EXT plugin point (Manage the system > Policies > System interfaces) to generate pre-defined passwords when help desk users assist users with password changes. See Keeping passwords secret from product administrators .

You can enable a JavaScript option to automatically populate password fields when a suggested password is selected. To do this, enable the UseSuggestedPassword option in the config.js script. See Modify JavaScript behavior for more information.

Write a custom random password generator

Requirements

See Writing plugins for general requirements.

Execution points

This plugin is called at any time a randomly generated password is requested.

Input

Input to the plugin includes user data and a list of password strength rules; for example:

"" "" = {
     "requestpasswordnumber" = "30" # Number of passwords to generate
     "requester" "user" = { # User setting the password
        
       "id" = ""
       "name" = ""
     }
     "strength" "myresourcegroup" = {
       "AUTOGEN_NUM" = "10"
       "BACKWARD_UNAME" = ""
       "BACKWARD_UNAME_WITHIN" = ""
       "DICTWORD" = ""
       "DICTWORDWITHIN" = ""
       "FIRSTLETTER" = ""
       "FORWARD_UNAME" = ""
       "FORWARD_UNAME_WITHIN" = ""
       "MAINFRAME" = ""
       "MATCH_N_UNAME" = ""
       "MAXLOWER" = ""
       "MAXPAIR" = "2"
       "MAXPASSLENGTH" = ""
       "MAXPUNCTUATION" = ""
       "MAXUPPER" = ""
       "MINDIGITS" = "3"
       "MINDIGITSINSIDE" = ""
       "MINLETTERS" = "10"
       "MINPASSLENGTH" = "20"
       "MINPUNCTINSIDE" = ""
       "MINPUNCTUATION" = ""
       "NOCHAROCCUR_NUM" = ""
       "NONPRINTABLE" = ""
       "NOSTRIPDICTWORD" = ""
       "PERMUTEDDICTWORD" = ""
       "PERMUTED_UNAME" = ""
       "PLUGINCHECK" = ""
       "PLUGINGENPWD" = "myrandomizer.psl"
       "PLUGINWARNPWD" = ""
       "SIGNIFICANTNUM" = ""
       "UPPERANDLOWER" = ""
     }
   }

If a password rule has not been defined in the Manage the system (psa) module, its value is empty in the input.

Output

The plugin outputs the resulting random passwords, one password per-line; for example:

"" "" = {
     "retval" = "0"
     "randompasswords" "" = {
       "password" = "ru12"
       "password" = "ru637acotdereodicUci123"
       "password" = "ru637acotdereodicUci1234"
     }
   }
In this section: