430 points tambourine_man | 1 comments
calgoo ◴[] No.41879171[source]
I always liked the 1Password word passwords… you select the number of words and it generates each word in upper OR lowercase, and connects them with symbols or numbers. Easy to memorize, and better than KeePass or others that use more fixed formats: same characters between words and words are just in title format where the first letter is upper case and rest is lowercase.
replies(5): >>41879306 #>>41879343 #>>41879408 #>>41879433 #>>41879512 #
jorvi ◴[] No.41879408[source]
The problem is that many sites still use archaic password rules.

1Password should by default just always capitalize one word, and add “1” at the end of the memorable password. Since the words are separated by “-” or “.”, you already hit the “at least one symbol” rule.

replies(3): >>41879566 #>>41880012 #>>41883980 #
extraduder_ire ◴[] No.41880012[source]
I was pleasantly surprised by the password requirements when I created a Bugzilla account just the other day.

    - Password must be at least 12 characters long.
    - And the password must also contain either of the following:
        - A phrase containing at least four unique words of three characters or longer
        - or password contains at least 3 of the following qualities:
            - uppercase letters
            - lowercase letters
            - numbers
            - punctuation characters
            - or more than 12 characters

I went with the phrase option.
replies(2): >>41880596 #>>41882212 #
1. jorvi ◴[] No.41880596[source]
I’ve seen minimums of 8 and 12, and maximums as low as 20.

AgileBits obviously has done a lot more profiling, but it would be nice if they developed a universal password formula that was still memorable. So with words, “-” separator (or maybe “.” separator?), maximum length 18, one whole word capitalized, random single digit at the end or beginning.

That way you keep maximum entropy, keep it readable, whilst fitting within the rules of “all” sites.

Although within 5-10 years I see passkeys having largely taken over, especially because mom and pop won’t be able to forget those, and they won’t be able to forget their fingerprint or face either.
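
As an added illustration (not code from any commenter, 1Password or Bugzilla), the sketch below implements the formula jorvi describes above, computes its exact entropy under a length cap, and checks a result against the Bugzilla rules quoted earlier in the thread. The word list is a constructed sample of lowercase words, and how words are split and what counts as punctuation are assumptions.

```python
import math
import re
import secrets

# Constructed sample list (assumption); a real generator draws from thousands of words.
WORDS = ["amber", "cedar", "delta", "ember", "fjord", "grove", "haven", "ivory",
         "jade", "kiln", "lotus", "maple", "nova", "opal", "pine", "quay"]

def generate(n_words=3, sep="-", max_len=18, words=WORDS):
    """Words joined by sep, one whole word upper-cased, one digit at either end."""
    if entropy_bits(n_words, sep, max_len, words) == 0:
        raise ValueError("no passphrase fits within max_len")
    while True:  # rejection sampling: every passphrase that fits is equally likely
        picked = [secrets.choice(words) for _ in range(n_words)]
        i = secrets.randbelow(n_words)
        picked[i] = picked[i].upper()
        body, digit = sep.join(picked), str(secrets.randbelow(10))
        pw = digit + body if secrets.randbelow(2) else body + digit
        if len(pw) <= max_len:
            return pw

def entropy_bits(n_words=3, sep="-", max_len=18, words=WORDS):
    """Exact log2 of the number of passphrases generate() can return."""
    budget = max_len - len(sep) * (n_words - 1) - 1  # letters left for the words
    ways = {0: 1}  # total letters used -> number of ordered word sequences
    for _ in range(n_words):
        nxt = {}
        for used, count in ways.items():
            for w in words:
                if used + len(w) <= budget:
                    nxt[used + len(w)] = nxt.get(used + len(w), 0) + count
        ways = nxt
    outcomes = sum(ways.values()) * n_words * 10 * 2  # caps slot, digit, digit side
    return math.log2(outcomes) if outcomes else 0.0

def meets_quoted_rules(pw):
    """The rules as quoted in the thread; splitting on non-letters is an assumption."""
    if len(pw) < 12:
        return False
    words = {w.lower() for w in re.split(r"[^A-Za-z]+", pw) if len(w) >= 3}
    qualities = [re.search(r"[A-Z]", pw), re.search(r"[a-z]", pw),
                 re.search(r"[0-9]", pw), re.search(r"[^A-Za-z0-9\s]", pw),
                 len(pw) > 12]
    return len(words) >= 4 or sum(bool(q) for q in qualities) >= 3

if __name__ == "__main__":
    pw = generate()
    print(pw, f"{entropy_bits():.1f} bits", meets_quoted_rules(pw))
```

With this sample list, `entropy_bits(4, "-", 20)` comes out lower than `entropy_bits(3, "-", 18)`, because under a 20-character cap only the four-letter words fit when four are used.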