Twitter as a way to generate nice passwords

by Tom on April 3, 2008

We’re working on an exciting new web-based management interface at the moment which we hope is going to make the lives of web developers and designers a lot easier. I can’t say too much about it now but I just wanted to quickly post about an interesting use I’ve found for Twitter.

As with most back-ends, our system has user accounts that need login credentials. One of the things I’ve always hated about managing users (Email, FTP, Web – doesn’t really matter) is trying to think of good strong passwords. So, I wanted to add a simple password generator to our user management system. I’ve done this many times before using word lists, random characters, etc., but this time I thought I’d be a bit more new web about it!

Twitter exposes the public feed of the last 20 twits as XML or JSON (see the Twitter API doc) which is a great source of totally random content.

The idea behind the password generator is to take this feed, find 2 random words that are long enough and then put them together. I’ve chosen to also put some digits on the end for a bit of added security but that could easily be tweaked.

Take a look:

[Image: twitterpasswords]

It’s actually quite addictive to see what password it might serve up next. As yet, there has been no potty mouth, but I can see that a bad word filter could be necessary.

The suggest link is just a bit of Ajax to call the server side method.

The only slight issue with the Twitter public timeline is that it’s global, so you don’t know what languages might be contained within. To make sure I only pull back English words, I’ve just used a simple regex on the XML feed which looks like:

preg_match_all('/ ([\\w]{5,15}) /i', $publicTwits, $words);

There’s something satisfying about getting other people to generate the passwords for me! Happy twitting!
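An added example (not the original site's code) of the generator described above, in PHP 7+, with an estimate of how much guessing entropy it yields against someone who can read the same public feed. The sample feed text, the function names and the two-digit suffix are assumptions.

```php
<?php
// Added example, not the original site's code. $feed is constructed sample
// text standing in for the public timeline described in the post.
$feed = ' just finished reading about harbour lights before dinner tonight '
      . ' coffee machine broken again monday feels longer without caffeine ';

// The post's pattern, unchanged. \w also accepts digits and underscore, and
// each match consumes its trailing space, so a word that directly follows a
// match is skipped.
preg_match_all('/ ([\\w]{5,15}) /i', $feed, $m);
$pool = array_values(array_unique(array_map('strtolower', $m[1])));

function suggestPassword(array $pool): string
{
    if (count($pool) < 2) {
        throw new RuntimeException('word pool too small');
    }
    // random_int() draws from the OS CSPRNG, unlike rand()/mt_rand().
    $a = $pool[random_int(0, count($pool) - 1)];
    $b = $pool[random_int(0, count($pool) - 1)];
    // Two trailing digits is an assumed count; the post only says "some digits".
    return $a . $b . sprintf('%02d', random_int(0, 99));
}

// Upper bound on guessing entropy for an attacker who can read the same feed:
// two independent word picks plus two decimal digits.
function entropyBits(int $poolSize): float
{
    return 2 * log($poolSize, 2) + log(100, 2);
}

printf("pool size: %d\n", count($pool));
printf("suggestion: %s\n", suggestPassword($pool));
printf("entropy bound: %.1f bits\n", entropyBits(count($pool)));
// For comparison, 12 characters drawn uniformly from 62 symbols:
printf("12 random alphanumerics: %.1f bits\n", 12 * log(62, 2));
```

The bound depends only on the pool size, and a 20-entry feed yields a small pool that anyone can fetch, so the strength comes from the CSPRNG picks rather than from the feed content.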

11 comments

mark April 3, 2008 at 11:39 am

Love this, although you do just end up generating new ones instead of doing any work. Does concern me though that Twitter seems to go down for days at a time…

Tom April 3, 2008 at 11:42 am

My fallback on any downtime would of course be my brain. I know this is a bit unreliable at times… but the possibility of them both going down at the same time is unlikely.

John Bradford April 3, 2008 at 12:19 pm

Why not just run the script for a few hours and build a catalogue of a few hundred passwords that you call off as people sign up for your services?

Folks can then choose a password from the ‘live’ stream or from stock when Twitter’s on the blink.

Job done.

Tom April 3, 2008 at 12:36 pm

Yeah, like that idea John. I might revise it when I have more time. At the moment it’s a very minimal amount of code. But, your solution is better for a number of reasons.

Keir April 3, 2008 at 9:47 pm

I love this! It’s great! Finally, Twitter actually DOES something!! :D

Kurt April 4, 2008 at 4:19 am

Or just not bother with passwords at all and implement OpenID. Stellar.

Mark April 4, 2008 at 7:18 am

@Tom, you’re tempting fate, I reckon the odds are on for them both going down together… ;)

@Kurt, OpenID is great but not mainstream yet, I’m sure we’ll follow suit soon enough though…

Tom April 4, 2008 at 9:18 am

I like the Basecamp implementation of OpenID, the way it will link multiple accounts for you. As Mark says though, it’s not mainstream and I can’t think of a single one of our target audience that wouldn’t be confused by typing in a URL at the login screen. I think when we implement it, it will be as an option for those of a more geeky persuasion.

Fab1an April 4, 2008 at 5:56 pm

1995 called, they want their passwords back! I’d advise a passphrase, much easier to remember and just as strong if not stronger.

fuad April 6, 2008 at 9:21 am

Nice Idea, how about using random password from blog?

Jon June 12, 2009 at 6:00 pm

public demo URL?
