←back to thread

Apple Passwords’ generated strong password format

(rmondello.com)
430 points tambourine_man | 1 comments | 18 Oct 24 11:12 UTC | HN request time: 0s | source
Show context
calgoo ◴[18 Oct 24 13:17 UTC] No.41879171[source]
I always liked the 1Password word passwords… you select the number of words and it generates each word in upper OR lowercase, and connect them with symbols or numbers. Easy to memorize, and better then keepass or others that use more fixed formats: same characters between words and words are just in title format where the first letter is upper case and rest is lowercase.
replies(5): >>41879306 #>>41879343 #>>41879408 #>>41879433 #>>41879512 #
jorvi ◴[18 Oct 24 13:42 UTC] No.41879408[source]
The problem is that many sites still use archaic password rules.

1Password should by default just always capitalize one word, and add “1” at the end of the memorable password. Since the words are separated by “-“ or “.”, you already hit the “at least one symbol” rule.

replies(3): >>41879566 #>>41880012 #>>41883980 #
dark-star ◴[18 Oct 24 14:01 UTC] No.41879566[source]
I especially like sites that disallow pasting into password fields.... Yes, that is apparently a thing, especially for banking or finance related sites (from my experience)
replies(7): >>41879659 #>>41879830 #>>41880113 #>>41880189 #>>41880542 #>>41881749 #>>41881852 #
bruckie ◴[18 Oct 24 15:15 UTC] No.41880189{3}[source]
I'm a big fan of the "Don't mess with paste" bookmarklet that I got from this thread a while back: https://news.ycombinator.com/item?id=38014653

One click and I can paste anyway. Nyah nyah nyah nyah nyah nyah.

replies(1): >>41880917 #
kyleee ◴[18 Oct 24 16:26 UTC] No.41880917{4}[source]
Brave has a ‘force paste’ option in the right click context menu, that way you don’t need an extension. Awesome feature
replies(1): >>41881934 #
encom ◴[18 Oct 24 18:06 UTC] No.41881934{5}[source]
Why is disabling paste even a thing that a website is allowed to do?
replies(1): >>41882283 #
samatman ◴[18 Oct 24 18:44 UTC] No.41882283{6}[source]
I'm aware of one case where it's a useful feature: the "type this name to delete" form on GitHub (found elsewhere as well).

The purpose, which is to make sure the user knows what they're deleting permanently, is defeated if they can copy the end of the URL string and paste it straight in. Adding a bit of friction there is helpful.

The actual answer to your question is more like "someone thought it was a good idea and now we're stuck with it", though. More browsers should offer a force paste in the context menu, because when said is done, it's my browser, and if I want to do something, I should be able to do it.

replies(1): >>41882798 #
1. skydhash ◴[18 Oct 24 19:43 UTC] No.41882798{7}[source]
> I'm aware of one case where it's a useful feature: the "type this name to delete" form on GitHub

While I like the dialogue it’s only a step up over a confirmation dialog (forcing you to switch from clicking to typing). So disabling paste don’t add anything to that. I’d rather they have a trash section so I can undelete or force remove the project.