keepassium
commented
2 years ago Thank you for the suggestion.
I think I understand the rationale: passphrases are easier to type when required, but they are often rejected by too rigid password rules (numbers, special characters, max-length, etc). So it would be useful to throw in a random digit and a special character just to satisfy the checker.
That said, I don't quite see the point of overcomplicating this.
Set the size as a number of characters instead of number of words.
The strength of passphrases is their long length. If a website restricts the maximum input length, it would be much safer to ~avoid it~ use a standard random password. If we have only 10 characters to fill, why waste them on a weak 4duckling% if we could use a Kf*q8aH#[6 instead?
- a fourth case option, with alternating WORD case. Eg : MY example PASSWORD
- Add padding digits (before and/or after words)
- Add some padding symbols (before and/or after words)
Yes, these additions would increase the entropy of the generated password (no longer a phrase as such). At the cost of more complicated UI and more complicated typing.
A 7-word phrase from EFF long list is 7776^7 ~ 10^27 combinations. With random padding and alternating case, we can bump it up a bit. Is it worth the trouble, though? Why not just add another word or two?
tberta
What can be improved? i like to use passwords composed of several different words when I register on web sites. But I need also to match the sites requirements for password, that often include :
The actual secret phrase generator
The solution you'd like I’d like to have more choice for this password generator based on wordlist :
Alternatives you've considered Currently I use https://xkpasswd.net/s/ in the default config and am fully inspired by it for this suggestion / refinement request.
Thanks for reading.