Ummm...you write a program.

If you don't know how to write a program you hire a programmer.

There are dozens of ways to create a random password in ASP. Without getting into deeper coding, the easiest way is to use a random number generator.

For example:

randomize
randomnumber=int(rnd*9999)+1

This will create a random number 4 digits in length. If you use that and combine it with other random characters (first three characters of a user last name), you can come up with some decent passwords.

You mentioned the password being the "primary key". I'm guessing you're referring to an Access/SQL database. If so, you'll have to deal with that part on your own.

Either way, I wouldn't use the password as the primary key.

A random number isn't certain to be unique. A GUID might be a good solution. If you're using ASP.Net, it's easy enough. If you're using traditional ASP, generate it from your database if it supports GUIDs or else use a COM component such as this one:

[ranainside.com...]

Yes, but I'm still wondering why anyone would need a unique password for their users.

Unique (primary key) usernames makes sense, but passwords?

Yes, it makes no sense to me either.

I agree with the others... don't make the password a PK. If you really want to force that value to be unique look at putting a unique index on that column in your database. I'd do the same with the email and let my user id (generated guid) be the PK.

I'd do the same with the email and let my user id (generated guid) be the PK.

What's the benefit of creating an artificial (and rather large) GUID based primary key over a password? Surely username is the perfect choice in this instance?

The guid makes a nice transition for state management so that an email and password are not slung back and fourth.

Edit: You can also get a unique 32 character guid from a server which makes it smaller then most email fields in a database.

Yes, a GUID is a 16 byte number which makes it smaller than the majority of email addresses.

However, if you already have an email address field in your table which enforced to be unique, why add an extra GUID field at all?

I can't imagine that maintaining state using a database is a good idea unless you are forced in to it (eg in a web cluster situation). Managing state from within memory is much faster.

Sheesh is it so hard to just answer the guys question?

'Hire a programmer' - Why do you even participate on a forum like this Iguana, if only to provide sarcastic replies?

----

Random -Pronouncable- Password

Include the following function in your page:

Function RandomPassword(Min, Max)
 Dim Password
 Dim AddConsonant
 Dim Letter
 Dim Length
 Dim Index
 Dim Random
 
 Const DoubleConsonants = "cdfglmnprst"
 Const SingleConsonants = "bcdfghjklmnprstv"
 Const Vowels = "aeiou"
 Randomize()
 Length = Int(Rnd * (Max - (Min - 1))) + Min
 While Len(Password) < Length
 Random = Int(Rnd * 100)
 If Not Password = "" And AddConsonant And Random < 10 Then
 Index = Int(Rnd * Len(DoubleConsonants)) + 1
 Letter = Mid(DoubleConsonants, Index, 1)
 Password = Password & Letter & Letter
 AddConsonant = False
 ElseIf Not Password = "" And AddConsonant And Random < 90 Then
 Index = Int(Rnd * Len(SingleConsonants)) + 1
 Letter = Mid(SingleConsonants, Index, 1)
 Password = Password & Letter
 AddConsonant = False
 Else
 Index = Int(Rnd * Len(Vowels)) + 1
 Letter = Mid(Vowels, Index, 1)
 Password = Password & Letter
 AddConsonant = True
 End If
 Wend
 
 If Len(Password) > Max Then Password = Left(Password, Max)
 
 RandomPassword = Password
 End Function

Then call it with something like

Response.Write RandomPassword(7, 10)

or, more likely, as the value of a form field:

<form action="submit.asp" method="post">
<input type="text" name="username">
<input type="password" name="password" value="<%=RandomPassword(7, 10)%>">
</form>