Generate Secure Random Passwords and Tokens in Python

Generate Secure Random Passwords and Tokens in Python

Having secure random numbers allows us to manage sensitive information, such as password and security tokens. We will be using the secrets module, available in Python 3.6.

In this piece, you’ll learn the proper ways to generate strong random passwords and tokens that are cryptographically secured. Having secure random numbers allows us to manage sensitive information, such as password and security tokens. We will be using the secrets module, available since Python 3.6. The official documentation states:

“… secrets should be used in preference to the default pseudo-random number generator in the random module, which is designed for modelling and simulation, not security or cryptography.”

There are three sections in this article:

  1. Basic Usage
  2. Examples
  3. Conclusion

Let’s get started.

1. Basic Usage

The secrets module provides a few built-in functions that we can use to generate numbers and tokens. No setup is required but we need to import the module before we use it.

import secrets

Generate a random number

Use the randbelow function to generate a number. It accepts an integer and the number generated is between 0 and the input integer minus 1. The input integer must be higher than 0

secrets.randbelow(2) # generate either 0 or 1
secrets.randbelow(10) # generate a number from 0 to 9
secrets.randbelow(0) # error
secrets.randbelow(-10) # error

You can also use the randbits function to generate a random number. It accepts an integer which represents the number of bits. The input integer must be higher than 0.

secrets.randbits(1) # generate either 0 or 1
secrets.randbits(2) # generate a number from 0 to 3
secrets.randbits(4) # generate a number from 0 to 15
secrets.randbits(8) # generate a number from 0 to 255

Generate a random element from a list

The module also provides a way for us to choose a random element from a non-empty sequence. Let’s try it out using the choice function

colour = ['red', 'blue', 'green', 'purple', 'yellow']
secrets.choice(colour)

Generate a random byte string

token_bytes function is the perfect choice for generating bytes. You can specify an integer as a parameter. It will determine a random integer if you don’t specify anything.

secrets.token_bytes(8) # generate 8 random bytes string

You should see a random byte string like this:

b'\x1bq\x8e\x83\x08\xb2g\x17'

Generate a random string in hexadecimal

If you wanted a string in hexadecimal, you can use the token_hex function. Just like the token_bytes function, it accepts an integer which is used to generate n number of bytes, each byte will be converted to two hex digits later.

secrets.token_hex(16) # generate 16 random hexadecimal string

This is an example of the output:

cd7b7fb7e0c5c1fa17389050f884526e

Generate a URL-safe string

Sometimes, you might want a string that is Base64 encoded for your web application. The token_urlsafe function comes in handy for such a use case.

secrets.token_urlsafe(16)

I got the following result:

S357dE8QSuE

2. Examples

In this section, I will outline some of the best practices for generating a secure password and token. Feel free to test them on your own.

Generate a 10-characters alphanumeric password

import string
import secrets
alphabet = string.ascii_letters + string.digits
password = ''.join(secrets.choice(alphabet) for i in range(10))
print(password)
  • ascii_letters — contains both the lower case and upper case from A-Z

Generate a 10-characters hexadecimal password with punctuation

import string
import secrets
alphabet = string.hexdigits + string.punctuation
password = ''.join(secrets.choice(alphabet) for i in range(10))
print(password)

Generate a 10-characters password with at least one lowercase, one uppercase, and one digit

import string
import secrets
alphabet = string.ascii_letters + string.digits
while True:
    password = ''.join(secrets.choice(alphabet) for i in range(10))
    if (any(c.islower() for c in password) and any(c.isupper() for c in password) and any(c.isdigit() for c in password)):
        break
print(password)
  • islower — Determine if the character is lowercase
  • isupper — Determine if the character is uppercase
  • isdigit — Determine if the character is a digit

Generate a 10-characters password with at least two uppercase and two digits

import string
import secrets
alphabet = string.ascii_letters + string.digits
while True:
    password = ''.join(secrets.choice(alphabet) for i in range(10))
    if (sum(c.isupper() for c in password) >= 2 and sum(c.isdigit() for c in password) >= 2):
        break
print(password)

Generate a four-word password that is unique

import secrets
animal = ['horse', 'elephant', 'monkey', 'donkey', 'goat', 'chicken', 'duck', 'mouse']
fruit = ['apple', 'banana', 'peach', 'orange', 'papaya', 'watermelon', 'durian']
electronic = ['computer', 'laptop', 'smartphone', 'battery', 'charger', 'cable']
vegetable = ['lettuce', 'spinach', 'celery', 'cabbage', 'turnip', 'cucumber', 'eggplant']
word_list = animal + fruit + electronic + vegetable
password = set()
while True:
    password.add(secrets.choice(word_list))
    if(len(password) >= 4):
        break
print(' '.join(password))

Generate a temporary URL with security tokens for a password reset

import secrets
url = 'https://mywebsite/reset?key=' + secrets.token_urlsafe()
print(url)

3. Conclusion

Let’s recap what we’ve learned today. We started off exploring the basic functions provided by the secrets module.

Then, we tested the functions to generate some random password and tokens in string token or bytes.

Finally, we tried to play with the module and generated a few different types of password that are strong and secured.

Please be reminded that you should not store your password in any plain text or encrypted file that is easily recoverable. They should be salted and hashed using an irreversible, one-way hash function.

Thanks for reading and hope you enjoyed this tutorial.

python programming

Bootstrap 5 Complete Course with Examples

Bootstrap 5 Tutorial - Bootstrap 5 Crash Course for Beginners

Nest.JS Tutorial for Beginners

Hello Vue 3: A First Look at Vue 3 and the Composition API

Building a simple Applications with Vue 3

Deno Crash Course: Explore Deno and Create a full REST API with Deno

How to Build a Real-time Chat App with Deno and WebSockets

Convert HTML to Markdown Online

HTML entity encoder decoder Online

Guide to Python Programming Language

Guide to Python Programming Language

Python Hello World Program - Create & Run Your First Python Program in PyCharm

Python Hello World Program - Your first step towards Python world. Learn how to create the Hello World Python program in PyCharm.

Python Programming Tutorials For Beginners

Python Programming Tutorials For Beginners

Learn Python Programming

Learn Python Programming

Python Programming & Data Handling

Python Programming & Data Handling