# Generator — Examples

> Hands-on runs with the Generator: a strong password, a BCrypt/Argon2 hash, WordPress keys, APR1-MD5 for .htpasswd, and setting up TOTP 2FA.

Source: https://www.jpkc.com/db/en/tools/generator/examples/

Back to the overview: [Generator](https://www.jpkc.com/db/en/tools/generator/) · Open the tool live: [www.jpkc.com/tools/generator/](https://www.jpkc.com/tools/generator/)

The [manual](https://www.jpkc.com/db/en/tools/generator/manual/) explains every tab and parameter. This page adds **concrete workflows**: common tasks, step by step. The interface is in English, so the tab and button names match the tool. All values shown are **examples**; your results will be different random values every time.

## Example 1: Generate a genuinely strong password

You need a password for a new account.

1. Open the [Generator](https://www.jpkc.com/tools/generator/); the **Passwords** tab is already active.
2. Set **Complexity** to `a-z + A-Z + 0-9 + more specials` (full entropy). If the target system dislikes specials, choose `less specials` instead.
3. Set **Length** to a generous value — 24 is the default; for highly sensitive accounts go to 32.
4. Click **Generate Password**. You get something like `T7v§ka-2Rm!eW9qZ$ub#Lp4x` (example). Use **Copy** to put it on the clipboard.

If you need to remember the password (for a master login, say), pick `Apple-style` instead: the interface then shows **Blocks** rather than length. With 4 blocks you get a pronounceable, easy-to-type password like `kibavu-se4iRo-pomuky-tazfeb` (example) — with exactly one digit and one uppercase letter.

## Example 2: A BCrypt hash for an existing password

You want to store a password as a BCrypt hash in an application or database.

1. Switch to the **Hashes** tab.
2. Type your password into the **Password** field — or click **Generate** for a random one. (Your own password never leaves the browser; hashing is done locally via WebAssembly.)
3. Choose a work factor under **BCrypt Cost**. `10 (default)` is a solid default; `12 (slow, ~3–8s)` for higher security if the login latency is acceptable.
4. Click **Hash**. After a short computation, the **BCrypt** field shows a value like `$2b$10$N9qo8uLOickgx2ZMRZoMy…` (example) — copyable via the clipboard icon.

The hash is in encoded format and carries the algorithm, cost, and salt; an application can verify it directly against a submitted password.

## Example 3: An Argon2id hash with OWASP memory

Argon2id is today's preferred choice for new systems.

1. In the **Hashes** tab, enter the password (or generate one).
2. Leave **Argon2 Memory** at the default `64 MB (OWASP)` — that matches a common OWASP recommendation. For weaker hardware use `16 MB`, for especially sensitive data `256 MB (slow)`.
3. Click **Hash**. The tool computes BCrypt, **Argon2i**, and **Argon2id** in parallel; the **Argon2id** field shows a value like `$argon2id$v=19$m=65536,t=3,p=1$…` (example).
4. The info line below confirms the parameters: `iterations=3, memory=64 MB, parallelism=1, hashLength=32`.

So you get three hashes at once and can pick the right one for your system.

## Example 4: WordPress security keys for wp-config.php

When setting up or hardening a WordPress install.

1. Switch to the **WordPress** tab.
2. Leave **Key Length** at `64` (default) — that's more than enough.
3. Click **Generate Keys**. You get a finished block of eight `define()` lines (`AUTH_KEY`, `SECURE_AUTH_KEY`, … `NONCE_SALT`).
4. **Copy** and paste the eight lines into `wp-config.php` (replacing the placeholder lines there). All logged-in sessions become invalid in the process — that's normal and intended when you rotate keys.

If you need hardened, rotating keys, click **Extreme Keys** instead: the panel opens with options for rotation and dynamic components. Mind the warning — IP switches, browser updates, or the rotation interval will then log users out automatically.

## Example 5: APR1-MD5 for a .htpasswd file

You want to protect a directory with Apache Basic Auth.

1. Switch to the **APR1-MD5** tab.
2. Choose **Complexity** (e.g. `less specials` so the password is easy to pass along) and **Length** (e.g. 16).
3. Click **Generate APR1-MD5**. The output contains both:

   ```
   Password:
   gT4m-xQ7vap.Rk2w

   APR1-MD5:
   $apr1$f3a9c1d2$Yl8…
   ```

   (Example values.)
4. Give the **plaintext password** to the person who should log in. Put the **`$apr1$` hash** together with the username into the `.htpasswd`, e.g. `webuser:$apr1$f3a9c1d2$Yl8…`.

## Example 6: Set up two-factor authentication via TOTP

You want to add a TOTP code to your authenticator, for a service or for testing.

1. Switch to the **OTP** tab.
2. Enter the identifier under **Account Name** (e.g. the email address) and the service name under **Issuer** (it later appears as the heading in the authenticator).
3. A **Secret (Base32)** is already prefilled; click **Generate** for a new one if needed. Leave **Interval** at `30 seconds` (the default for most services).
4. Scan the **QR code** with your authenticator app — or copy/open the **Key URL** (`otpauth://…`). Use **Save QR Code** to keep the code as a PNG.
5. Compare the code shown in the app with the **Current OTP** field: they must be identical. The **Remaining** display counts down the seconds left, and **Previous**/**Next** show the code before and after.

Important: the **secret** is the actual sensitive material — keep it safe (it is created and stays entirely in your browser). Anyone with the secret can generate valid codes.

---

There's more depth elsewhere: the [overview](https://www.jpkc.com/db/en/tools/generator/) for the big picture, the [manual](https://www.jpkc.com/db/en/tools/generator/manual/) for every parameter, and the [tips & tricks](https://www.jpkc.com/db/en/tools/generator/tips/) for strategy and pitfalls. You can try everything directly in the [tool](https://www.jpkc.com/tools/generator/).