PWGEN V1.0

PASSWORD SECURITY

Password security is often overlooked, yet STRONG passwords are your last line
of defense! After router filters are bypassed, firewalls breached, and TCP wrappers
tricked, a thief grabs a copy of your password table (Unix or NT). He or she then
starts running Crack or l0phtcrack on the table so that these tools can repeatedly
try passwords until it guesses some. Many people like to use the names of their kids,
wives, husbands, significant others, pets, birthdates.... as passwords. Passwords
such as these are easy for these tools to guess. To compound problems most folks
use the same password on multiple systems and don't change them often enough. If
they do change them, its only to bounce back and forth between two or three favorite
passwords. Good password practice, or policy for corporations and universities,
should require that you use two or more unrelated words separated by a random
special character (!@#$%^&*)... or digit 0123456789 as a minimum. Greater security
is gained by using two or three of these specials/digits, the two words and
randomly capitalizing one or more of the letters in those words and never reusing
a password a second time. The ultimate in password security is gained when every
password you use is the maximum that is allowed, generated using random specials,
digits, and letters with random capitalization. This is easier said then done when
left to our own devices, I know I've tried it that way. Making up a new password
that is still secure becomes a challenge. That's where PWGEN V1.0 comes in,
and its commercial cousin PWGEN V2.0. V2.0 is capable of generating ANY of the
password schemes discussed above, tell it your password policy or preference and
it will generate them for you. V1.0, the freeware version, randomly generates
passwords containing two unrelated words with an intervening special or digit,
all in lower case. These passwords are of medium security and are vastly superior
to pet names.

OVERVIEW

PWGEN V1.0 is a 32bit windows GUI application that will generate strong, easy to remember
passwords. In this freeware version the generated passwords are always 8 characters
in length and include a special character. Consult the license.txt file that came
in this distribution for current copyright and licensing information. The generated
passwords consist of a three and four letter word, in a random order, separated by a
special character or digit. Here's some samples: dolt!amy, yow9dill, vega@cox,
lame0abo

INSTALLATION

Simply unzip the archive in a temporary directory and execute setup.exe. Answer the
configuration questions and start using PWGEN V1.0 to improve your personal security.

USING

After starting PWGEN, pressing "Close" now will terminate PWGEN without modifying
the current clipboard data. Pressing "Generate" will cause a password to appear in the
text window and copy it into the clipboard.  If you don't like this password, just
continue hitting "Generate" until you find an agreeable one.  You can then paste it
into the appropriate window. Again, "Close" terminates PWGEN. If you are an
administrator or ISP and need to generate multiple passwords for new accounts,
press "Generate", Paste it, and repeat. For applications that don't support "Paste"
you'll have to use the traditional, "See it here and type it there" method.

TIPS

Feel free to modify the 3words.dat and 4words.dat files, these are the sources of
the random words chosen. PWGEN is great for administrators in an enterprise or ISP
environment for creating new customer accounts, and for individuals that are
security conscious.

UPGRADING

An enhanced version is available from AquaScape, Internet Services that allows
you to tailor its passwords to your password security policy. Visit
http://www.aquascape.com/Html/software.html to learn about PWGEN V2.0 or license
purchasing information, per copy and site licensing is available. We'll even
customize it with your logo and helpdesk information, if desired, when you purchase
five or more licenses. Purchase includes one year of revisions from the date that the
license is granted.

Problems, bugs, and desired features should be reported to bugreport@aquascape.com
for correction/inclusion in future releases.
