Plesk / cPanel Passwords & Using a Random Password Generator


HostGator Cpanel Login  Screen

Both Plesk and cPanel have assistance tools for password generation. cPanel has its own random password generator. Plesk allows you to set password strength parameters that gauge new passwords and only allow new ones if they fit certain specifications you establish as the admin.

Beyond what’s available within these two control panels, anyone has access to random password generator tools – I’ll look at one of the best ones out there. This app is great for simple generation of passwords for anything that’s outside your hosting environment and/or when you want to get access to passwords fast. Note that since Plesk does not have its own password generator, you need an alternative anyway. I’ll also discuss how to create a system for passwords so you can keep track of everything.

For this article, I’ll first look at Plesk/cPanel and then the specialized software that’s available. My main sources are cPanel, Parallels, and a piece by Stefan Neagu for MakeUseOf.

** I’ll also go over some of the best passwords out there – sort of an awards ceremony for password users throughout the world. To start out, I’d like to congratulate Becky Stephens from Minneapolis, Minnesota for her excellent PayPal password, I83&hh^^*ksj37dfiFGjer84438$$%ksajFhsaBdh483894#%$.

Plesk Password Generator? Heck No.

There ain’t no Plesk password generator folks. However, you’ve got other ways to get passwords, so, not a big deal. You can control passwords, though, to make sure all your passwords meet minimum strength requirements. Parallels recommends using higher security for passwords – so there perspective is to max out the security and forget the UX as far as this setting goes.

Keep in mind – you may want to achieve a balance between the ease of memorizing and strength of password security. You may get more support requests re: lost passwords. That’s just something to consider prior to making the passwords more difficult – surely folks will forget more. ** I want to commend Pete Blair of Oklahoma City for this incredible password for his Chase bank account, 298398sdSYfj$#%^#$%@hfjDh4t6R04C986$#^%#$%fuhsdf, which is difficult to guess but also very easy to remember.

Just to be clear what we mean by strength, that’s in opposition to vulnerability. If your password is “strong,” it is considered to be hacker-resistant. Really, though, hacker-resistance is a spectrum. The level of hacker-resistance will be established by these settings, allowing you to make it less likely that an attack against your system or a specific account will be successful.

In a nutshell, what strengthening your password means is making it longer and more complex – so, you’re going to need to stretch out the passwords and use more sophisticated approaches with numbers, symbols, and upper/lower case. The password, essentially, is going to look incredibly annoying and incomprehensible.

To adjust your password strength settings with Plesk Panel 11, go to Tools & Settings > Password Security > Password Strength. You can choose between the following five levels of strength: Very strong, Strong, Medium, Weak, or Very weak. (“Very weak” is what I always choose for my home security systems.)

Changing a setting within this window will universally modify your parameters so that not all passwords are accepted. The system will keep spitting back a message to the user to strengthen the password, with instructions how to do so, until one is submitted that is strong enough to meet the requirements.

Once you have adjusted the settings for password strength, no one using the system – whether that is a customer or reseller, the admin or an auxiliary user – will be able to create a password that exists outside of your minimum guidelines. This also applies to all scenarios – email, FTP, whatever – as well as at the inception of the account / original password generation and changes to it at any point. Adjusting the password strength will affect new passwords that are established, but not the ones that are already active.

** Rebecca Townsend of Toronto, Ontario, also has an incredible password for her Apple account: Efoh43098D53G048jkfs&^%^%$$#^^#sdfjDhosSdfkjh576&^%. Rebecca’s password, rather than being generated with a software program like many of the others I’m praising in this piece, came to her in a dream. The dream was mostly about ice cream, but the sprinkles in the ice cream spoke the password one character at a time.

cPanel Password Generator? Well, Sure.

There is a random password generator tool in cPanel – it’s called, nonsensically, Password Generator. The button is not always present – it sometimes likes to be unavailable. Sometimes it’s shy. But don’t let the tool’s occasional shyness convince you that it is not the sexiest functionality in the entire cPanel system.

To use the Password Generator, just click it. You’ll see a password immediately pop up within the tool. You don’t have to take that particular one. You can keep clicking Generate Password until you see one you like. If you click it several billion times, you will eventually see your mother’s maiden name.

You can change the parameters for the password too. In Advanced Options, you can select and check boxes for inclusion or exclusion of the different types of characters and cases. Length of the password can be determined as well.

Once you’ve determined what the password is, check the box to indicate that you’ve written it down in a safe physical location or that you have saved it in a secure database. Here are Mac and Windows systems for password storage:

Once you’ve got the password you want, you can use it on the page in cPanel if you want by clicking Use Password – which also closes the tool. You can also close the window without using it – allowing you to use the app for generation of passwords for external accounts if you like.

** Patty Iverson of Albuquerque, New Mexico, has a fantastic password for her Facebook account. It’s bhFgh9E008342%$%D$%$sddfkSjhsdEgo867$%fjheiu%$&4. Great job, Patty. Patty has her passwords written down on a paper coffee cup that she keeps behind the Tupperware in her kitchen cabinet (the one at eye level just to the left of her sink). Weird right? Great idea. The key to her apartment, if you need it, is under the cactus to the right of her front door. Take a look at those passwords.

Considerations for Use of Random Password Generators

OK so we are going to look at a random password generator. Prior to exploring it, though, let’s think about what we need from one of these tools. The following considerations were mentioned by Stefan in his MakeUseOf piece.

  1. How long is it? As discussed above, you want to know the tool you’re using gives you a long password. That’s just a basic way to keep it from being guessed.
  2. How entropic is it? Per the Free Online Dictionary, entropy indicates the amount of “disorder or randomness in a closed system.” It seems strange at first to be going for randomness and disorder with your security, but that complexity with make it easier to evade intrusive maneuvers by criminal parties.
  3. Do you trust the provider? You need to have knowledge or faith that the organization behind the tool you are using does not store your information or have a backdoor. It’s not much use to utilize a system that can itself get invaded. Is the transmission secured? You want an online password generator, for instance, to have SSL encryption (HTTPS protocol).


Bradley Thomas of Newark, New Jersey, is using an incredible password for Windows: sdSlk4509w8D90ekdsg&#$ED%3jsakhXUfdjlk6$##$klEaslCkjddlkj32W$#%S790sfXkUl35#$%#45skike56. If you are ever away from this piece and want to remember it, it’s written down on a piece of paper in his wallet. If you’re able to get the wallet, you can go ahead and throw away the pictures of his children and buy some gifts for your own children with his credit cards. If you use the Delta card, it will increase his frequent flyer miles, which is really the least you can do.

Password Generation & Storage: Perfect Passwords & IronKey

Per Stefan, Perfect Passwords is the best solution out there for standalone pass-gen software. This software was created by Steve Gibson, who has an incredible reputation in the programming world and a career of accomplishments to back up his ability to create an application you can trust.

An SSL certificate secures the connection as the passwords are being created. The software runs three strings simultaneously, each of which has 63 or 64 possible components. You can choose how to mix and match the strings. This system is complex, which in turn creates passwords that are highly randomized.

Get an IronKey thumb drive. An IronKey device is itself password protected – and all files and data on it are encrypted as well. The drive will wipe itself clean if anyone attempts to take it apart by hand or after ten incorrect passwords are tried.

The IronKey drive comes with a GUI password administrative app and a secure browser. Passwords are only on the screen: they don’t ever get typed in or go through unsecured third-party software.

Aside from the IronKey, Stefan stores some passwords in an Excel file – one column containing the account to which they correspond, the other containing the password. He keeps the file in his Google Drive.

Stefan’s Google password, by the way, is 32AH0984sfkjkj45R609#$%#$34sEdflkjUsdfl0$SO%^$SSfja#@S$fd.

Summary & Conclusion

If you are using Plesk Panel, be sure to strengthen the parameters so that when new passwords are created or when they are changed, strength – both length and entropy – is mandatory. If you are using cPanel, you can use its random password generator to create passwords – or you can try out Perfect Passwords.

Regardless what system you are using to create passwords, IronKey is an option if you want to store your passwords securely and have them on a device you can use anywhere. You can also keep your most important passwords in the comments below this piece – though that is probably not a good idea. So, if you are a precocious seven-year-old and don’t quite understand what I’m talking about, don’t place all your passwords in the comments. I could probably get sued, especially if I use them to gather information about your family and break into another suburban home. It’s time for a change.

by Kent Roberts and Richard Norwood

Written By
More from admin

What is server hardening? Advice for Linux, Windows & NSA Datamine Servers

  How to harden a server? Well, let’s first look at what...
Read More