Skip to main content

A bad password generator for bad websites with bad password policies

Project description


To create and remember passwords for online services, the best practice for most folks online is to use a password management tool such as Bitwarden to generate long, cryptographically random passwords. Then, a very strong passphrase is used to lock the password manager.

Unfortunately, in a misguided attempt to encourage users to choose better passwords, many websites and apps enforce restrictive password policies that place restrictions on what sorts of characters must be (or may not be) in a password. These policies inhibit users from using cryptographically random password generators: a long, high-entropy password is more likely to violate such rules, which means a security-savvy user may have to attempt several “random” passwords before one is accepted. This punishes users who are trying to follow best practices.

Enter dumbpw. dumbpw allows you to configure a set of rules, and then it will generate a cryptographically secure password that conforms to those dumb rules.

If all you need is a password generator, you should not use this.


pip3 install dumbpw


$ dumbpw --help
Usage: dumbpw [OPTIONS] LENGTH

  --version                       Show the version and exit.
  --min-uppercase INTEGER         The minimum number of uppercase characters.
  --min-lowercase INTEGER         The minimum number of lowercase characters.
  --min-digits INTEGER            The minimum number of digit characters.
  --min-specials INTEGER          The minimum number of special characters.
  --blocklist TEXT                Characters that may not be in the password.
                                  [default: '";]
  --allow-repeating / --reject-repeating
                                  Allow or reject repeating characters in the
                                  password.  [default: reject-repeating]
  --help                          Show this message and exit.

Known issues

  • dumbpw uses secrets to generate passwords. If the generated string doesn’t meet the given requirements, dumbpw discards it and generates another, until one passes. Therefore, if you ask dumbpw to generate a long password with high minimums, it will run for a very long time before terminating.
  • Likewise, if your minimums require characters that are banned in the blocklist option, dumbpw will run forever.
  • The author is neither a cryptographer, nor a security expert. There has been no formal, independent, external security review of this software. As explained in the LICENSE, the author assumes no responsibility or liability for your use of this software.


To install development dependencies, you will need poetry and pre-commit.

pre-commit install --install-hooks
poetry install && poetry shell

direnv is optional, but recommended for convenience.

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

dumbpw-0.3.3.tar.gz (10.3 kB view hashes)

Uploaded source

Built Distribution

dumbpw-0.3.3-py3-none-any.whl (10.8 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page