Download Code
I first developed this component for a private web application. Users do not self register, but are approved for access by their service contacts. We then set up the user’s account, assigning a randomly generated passphrase as part of the account setup. When the user logs in for the first time, they are required to change their passphrase to one of their own choosing that meets certain complexity requirements. If a user forgets his or her passphrase, we create a new one using this control, and the user can then log in, but is forced again to change the passphrase. Passphrases are salted and hashed before storing them in the database, and comparisons at login are made against the hash, rather than the passphrase. Although this component was originally designed for a web-based application, it could easily be modified for use as a password generator run on desktop or mobile platforms, or for any other use subject only to your imagination.