←back to thread

Apple Passwords’ generated strong password format

(rmondello.com)
430 points tambourine_man | 6 comments | 18 Oct 24 11:12 UTC | HN request time: 0.782s | source | bottom
Show context
mr_mitm ◴[18 Oct 24 13:40 UTC] No.41879391[source]
I'm glad someone is thinking about UX and ergonomics when it comes to passwords. Most people I interact with have by now realized that generating passwords is a good idea. But if you are already generating the password, please do not include special characters. I regularly use different keyboard layouts (sometimes it is not even clear which layout is active, like in the vSphere web console), and the fact that passwords are often not shown on the screen when typing them makes for terrible UX and causes frustration.

The usual advice about character classes is only for casual users who don't know what makes a secure password. Entropy is the deciding factor: Ten random lower case letters is much more secure than "Summer2024!", which satisfies most password rules and has more characters.

Personally I stick to lower case letters for things like my Netflix password or Wifi key, because typing with a TV remote can be a huge pain. To keep a similar entropy, just increase the length by one or two characters.

replies(10): >>41879469 #>>41879535 #>>41879556 #>>41879734 #>>41879735 #>>41880345 #>>41880499 #>>41881423 #>>41881471 #>>41883418 #
1. hoten ◴[18 Oct 24 20:55 UTC] No.41883418[source]
Just today I had to reset my Dropbox password b/c it had a "`" character, and I was trying to use a self-service printer at FedEx. Their weird touch keyboard didn't have backticks.
replies(3): >>41883765 #>>41883846 #>>41885057 #
2. ivanjermakov ◴[18 Oct 24 21:42 UTC] No.41883765[source]
Some characters felt illegal to use in passwords, like starting your password with space. Not only feels, but will not pass validation during sign up in many places.
3. sebastiennight ◴[18 Oct 24 21:53 UTC] No.41883846[source]
You're entering your Dropbox password on other people's machines? Was there no option to just share the document as a public link or something?
replies(2): >>41883961 #>>41885063 #
4. hoten ◴[18 Oct 24 22:10 UTC] No.41883961[source]
I reset my password again shortly after.
5. RockRobotRock ◴[19 Oct 24 01:57 UTC] No.41885057[source]
those things are dogshit. It's really incredible how terrible and difficult Kinkos has made the process of printing. The email service has also never worked for me.
6. ◴[19 Oct 24 01:58 UTC] No.41885063[source]