I’ve been building a password generator the past few days. It takes words from the dictionary at random* and then combines them with punctuation and numeric characters.
- never use a password for more than one site/service/login, and
- not even know most of my passwords, and
- let software generate them for me
But I guess I can see a need for passwords that are memorable, or at least easy to visually read and type in on another screen (perhaps a miniature one, or a computer you don’t own). That’s when passwords made out of words my brain knows, like
have an advantage over a more random string of characters like
…Try reading that off your phone and typing it into someone else’s computer!
- Lots of services I use require a capital letter, a numeral, and a punctuation character, and
- Most of them don’t support password lengths high enough to permit the “correct horse battery staple”-style of passwords.
And, I see that I’m not the only one — visit http://correcthorsebatterystaple.net if you like. The reason I decided to build my own generator, instead of using that one: the site’s not available via HTTPS. It doesn’t make much sense to me to generate passwords — presumably for securing stuff you care about — when that connection is snoopable.
So, I made one, secured it, and while testing it, some really interesting combinations have come up — at pseudo-random: