The G DATA Password Generator

As described in our Guide concerning password safety, strong passwords are essential in the face of today’s cyber threats in both the business and private environment.

With the G DATA Password Generator, you can create passwords based on criteria you specify. In addition, you can check existing passwords based on their security and the effort required to crack them.

Installation

The G DATA Password Generator does not require any installation. The application has no further dependencies, it can be used directly after downloading. No other G DATA products need to be installed, the G DATA Password Generator can be used independently. A G DATA product license is not required.

Simply download the G DATA Password Generator from the download page, unzip the zip file and run the corresponding program file (GDATA_Password_Generator.exe). The zip file also contains a short readme PDF (Liesmich.pdf, only available in german for now) with further explanations.

Application

You start the application by double-clicking on the program file (GDATA_Password_Generator.exe). You will see the following graphical user interface (GUI):

Below "Created or manually entered password" you will see the currently generated password, which you can copy to the clipboard using the Copy button.

Under "Setting for new passwords", you can set which type of characters are used for password creation. You can use any combination of the options

Uppercase letters
Lowercase letters
Numbers
Special characters

as well as the length of the password. By clicking on Generate you generate a new password based on the set configuration.

At the bottom of the user interface, you will find information about the password currently displayed, such as password strength, the possible combinations and the effort of how long it would take to crack the password using a brute force approach.

Password strength can be categorized as follows:

Weak
Moderate
Strong
very Strong
extremely Strong

You can also enter a password that you use in the password field to see the strength of the password.

G DATA does not transmit or store the passwords that are generated or tested using the tool in any way!

How is password strength calculated?

The calculation of password strength takes into account not only the length of the password but also the type of characters used. First, the password gets points for its length. So the longer a password, the higher the score.

Points awarded according to length

20 or more characters = 6 points 16-19 characters = 5 points 12-15 characters = 4 points 8-11 characters = 3 points 6-7 characters = 2 points 5 or fewer characters = 1 point

Additional points are added to the maximum of 6 points based on the quantity of a character type occurring in the password.

Additional points for the number of different character types and their frequency

Are there any uppercase letters? If so:

1 uppercase letter = + 1 point 2 uppercase letters = + 2 points 3 or more uppercase letters = + 3 points

Are there any lowercase letters? If so:

1 lowercase letter = + 1 point 2 lowercase letters = + 2 points 3 or more lowercase letters = + 3 points

Are there numerals? If so:

1 numeral = + 1 point 2 numerals = + 2 points 3 or more numerals = + 3 points

Are there special characters? If so:

1 special character = + 1 point 2 special characters = + 2 points 3 or more special characters = + 3 points

A maximum of 18 points can be awarded, which are evaluated as follows:

Score	Password strength
16-18 points	Extremely strong
12-17 points	Very strong
8-11 points	Strong
6-7 points	Moderate
4-5 points	Weak
1-3 points	Very weak

Score

Password strength

16-18 points

Extremely strong

12-17 points

Very strong

8-11 points

Strong

6-7 points

Moderate

4-5 points

Weak

1-3 points

Very weak

How is the estimation calculated that is needed to find out the password?

To find out a password, in the worst case all possible combinations of all characters of the password must be tried, until the correct combination is found.

To estimate how long it takes to find the right combination, the number of possible combinations is calculated. The following calculation assumes that the character types used within the password are known. Each character type has a certain number of possibilities as to which character it could be:

Type of character	Number of possible characters
Capital letters	26
Lower case letters	26
Numerals	10
Symbols	32

If a character type is found in the password during the check, the number of possible characters of that character type is added.

If a capital letter is found, 26 is added (for 26 possible letters). If a symbol is then found, 32 (possibilities) are added to the 26. This results in a value of 58.

The value obtained is then used in the following formula: Effort = (Possible Characters raised to the power of Number of Characters) / 1,000,000,000)

This value is, of course, an estimate and may vary depending on the computing power behind the brute force attack.

Example: The above calculation yielded 58 possible characters. If the password has 4 places, our example yields the calculation:

(58 * 58 * 58 * 58) = 11.316.496 / 1.000.000.000 = 0,011316496

This means that our example password would take 0.01 seconds to crack using the brute force approach.