I’ve been building a password generator the past few days. It takes words from the dictionary at random* and then combines them with punctuation and numeric characters.
- never use a password for more than one site/service/login, and
- not even know most of my passwords, and
- let software generate them for me
But I guess I can see a need for passwords that are memorable, or at least easy to visually read and type in on another screen (perhaps a miniature one, or a computer you don’t own). That’s when passwords made out of words my brain knows, like
have an advantage over a more random string of characters like
…Try reading that off your phone and typing it into someone else’s computer!I was inspired by the Password Strength edition of the xkcd comic, but:
- Lots of services I use require a capital letter, a numeral, and a punctuation character, and
- Most of them don’t support password lengths high enough to permit the “correct horse battery staple”-style of passwords.
And, I see that I’m not the only one — visit http://correcthorsebatterystaple.net if you like. The reason I decided to build my own generator, instead of using that one: the site’s not available via HTTPS. It doesn’t make much sense to me to generate passwords — presumably for securing stuff you care about — when that connection is snoopable.
So, I made one, secured it, and while testing it, some really interesting combinations have come up — at pseudo-random: