jocxfin / pwgen

Simple self hosted password generator
GNU Affero General Public License v3.0
53 stars 3 forks

Exclude Homoglyphs in Password Generation #28

Closed jocxfin closed 6 months ago

jocxfin commented 6 months ago

Title

Exclude Homoglyphs in Password Generation

Is Your Feature Request Related to a Problem? Please Describe.

Yes, the problem is the difficulty in distinguishing similar characters in passwords, such as the letter "o" and the digit "0". This similarity can cause confusion and errors during password entry, especially in fonts where these characters are nearly indistinguishable.

Description

Introduce a feature in the Secure Password Generator that allows users to exclude homoglyphs - characters that look similar to each other - from the generated passwords or passphrases. This enhancement aims to improve password readability and reduce the likelihood of user error when entering passwords.

User Story

As a user, I want the option to exclude similar-looking characters from my generated passwords so that I can easily distinguish and accurately enter my passwords without confusion.

Acceptance Criteria

Implementation Notes

Potential Challenges

Priority

Medium

Labels

enhancement, usability

jocxfin commented 6 months ago

@akzkak you can track this feature request here now

jocxfin commented 6 months ago

@akzkak to clarify the intention behind the feature request regarding homoglyphs in passwords, was the objective to entirely prohibit the use of these specific homoglyph characters:

homoglyphs = { 'o': ['0'], '0': ['o'], 'l': ['1', 'I'], '1': ['l', 'I'], 'I': ['1', 'l'], }

Meaning, none of these characters should be allowed in passwords?

Or was the goal to restrict the use of these homoglyph characters in combination within a single password, allowing only one from each homoglyphic group per password?

The solution I have developed functions by allowing only one character from each homoglyph group in a password, rather than excluding these characters altogether, but removing them altogether is an even easier solution. Up to you.

akzkak commented 6 months ago

Would definitely prefer to avoid em completely, like they do with Bitwarden. https://www.google.com/search?q=bitwarden+ambiguous+characters

jocxfin commented 6 months ago

Sure. I'll do that. I'm also planning on creating a feature where you can pass the options as env variables while running the docker command, so you wouldn't need to switch that feature on. I'll make a new release very soon ™. Thanks for your help @akzkak!
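The two policies discussed in this thread, side by side, as an added example that is not pwgen's own code. The function names, the letters-plus-digits alphabet, and the reading of "one per group" (a chosen character may repeat, its look-alikes may not) are assumptions; the homoglyph groups are the ones from the dict quoted above.

```python
import math
import secrets
import string

# Groups taken from the homoglyphs dict quoted in the thread.
HOMOGLYPH_GROUPS = [set("o0"), set("l1I")]
AMBIGUOUS = set().union(*HOMOGLYPH_GROUPS)
ALPHABET = string.ascii_letters + string.digits  # assumed sample alphabet


def generate_excluding_all(length, alphabet=ALPHABET):
    """Policy chosen in the thread: never emit any ambiguous character."""
    pool = [c for c in alphabet if c not in AMBIGUOUS]
    # secrets draws from the OS CSPRNG; random.choice is not suitable here.
    return "".join(secrets.choice(pool) for _ in range(length))


def generate_one_per_group(length, alphabet=ALPHABET):
    """Alternative policy: at most one member of each group per password."""
    pool = list(alphabet)
    out = []
    for _ in range(length):
        c = secrets.choice(pool)
        out.append(c)
        for group in HOMOGLYPH_GROUPS:
            if c in group:
                # Drop the look-alikes of c; c itself may still repeat.
                pool = [p for p in pool if p == c or p not in group]
    return "".join(out)


def bits_per_char(alphabet=ALPHABET, exclude=AMBIGUOUS):
    """Entropy per character when drawing uniformly from the reduced pool."""
    return math.log2(len([c for c in alphabet if c not in exclude]))


if __name__ == "__main__":
    print(generate_excluding_all(20))
    print(generate_one_per_group(20))
    print(f"full pool: {bits_per_char(exclude=set()):.3f} bits/char")
    print(f"ambiguous removed: {bits_per_char():.3f} bits/char")
```

Removing all five characters shrinks the pool from 62 to 57 symbols, a loss of roughly 0.12 bits per character, which one extra character of length more than recovers.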