←back to thread

Apple Passwords’ generated strong password format

(rmondello.com)
430 points tambourine_man | 8 comments | 18 Oct 24 11:12 UTC | HN request time: 0.956s | source | bottom
Show context
eviks ◴[18 Oct 24 13:11 UTC] No.41879128[source]
Why not just use real words with longer password instead? That'd be easier to type than these shorter "word-like" syllables
replies(3): >>41879137 #>>41879148 #>>41879247 #
lemagedurage ◴[18 Oct 24 13:26 UTC] No.41879247[source]
When typing through a TV remote or console controller, shorter passwords might be preferred, especially if parts are still easily memorizable.

Also, I think some website still have a relatively low upper limit for password length.

replies(1): >>41879275 #
1. wlesieutre ◴[18 Oct 24 13:29 UTC] No.41879275[source]
Apple TV lets you use your phone to input passwords, so in Apple's ecosystem they wouldn't care about that. And being Apple, they wouldn't care about people needing to use anyone else's devices.

Website length limits are a problem though, in the worst case there are websites that silently truncate your password so you don't even realize that the first 12 (or whatever) characters are the only part that matters. If your first 12 characters are two words with a dash in the middle, that could be a real vulnerability.

Another benefit of passkeys is that it limits the ability of websites to do that kind of stupid shit.

replies(2): >>41879373 #>>41879573 #
2. tssva ◴[18 Oct 24 13:39 UTC] No.41879373[source]
Roku, who has about 50% of the streaming device market in the US, supports entering passwords via their mobile apps.

Having to enter a password on a streaming device is rare event for me at least. Almost all of the apps on my Roku support using an off device web browser to authenticate.

replies(2): >>41880068 #>>41888451 #
3. jonhohle ◴[18 Oct 24 14:03 UTC] No.41879573[source]
> And being Apple, they wouldn't care about people needing to use anyone else's devices.

Did you RTFA?

>> To make these passwords easier to type on suboptimal keyboard layouts like my colleague’s game controller, where the mode switching might be difficult, these new passwords are actually dominated by lowercase characters. And to make it easier to short-term have in your head little chunks of it to bring over to the other device, the passwords are based on syllables. That’s consonant, vowel, consonant patterns. With these considerations put together, in our experience, these passwords are actually a lot easier to type on a foreign, weird keyboard, in the rare instances where that might be needed for some of our users.

replies(1): >>41879784 #
4. ◴[18 Oct 24 14:28 UTC] No.41879784[source]
5. jeffhuys ◴[18 Oct 24 15:03 UTC] No.41880068[source]
> Roku, who has about 50% of the streaming device market in the US

Wow, really? That's surprising to me, do you have a link so I can see the rest of the stats?

replies(1): >>41883608 #
6. tssva ◴[18 Oct 24 21:21 UTC] No.41883608{3}[source]
https://www.coolest-gadgets.com/streaming-devices-statistics...
7. tzs ◴[19 Oct 24 15:45 UTC] No.41888451[source]
How about during initial setup of the Roku itself? Can you use the mobile app to give the Roku your WiFi password?
replies(1): >>41895283 #
8. tssva ◴[20 Oct 24 13:36 UTC] No.41895283{3}[source]
I don't believe that was an option when I set mine up but that was a few years ago. Also there is a wide range of Roku devices and TVs with differing capabilities so even ig mine didn't it might be that some do support this. I honestly don't know.