[Gen]: Do we want control over symbols in random generated passwords?

[vext01]

Do certain symbols cause issues? Do we want to give the user control over what symbols can appear in passwords? Discuss...

[richlanc]

I was going to argue for prefined character sets (simple -> alphanumerics, complex -> alphanumerics+special characters), but then you have to decide which special characters to include and there isn't a standard for this.

http://xkcd.com/936/ So... perhaps a selection of alphanumerics with a great enough length is secure enough? We could then provide the option to include provided special characters. This does have the obvious drawback in that the user will be unlikely to remember the password.

[vext01]

I like the idea of predefined character sets. Let's default to complex though and if the user finds an annoying website, they can either use simple mode or manually tweak the generated password?

Truly pronounceable passwords are a further enhancement. You might be able to steal the algorithm from pwgen: http://sourceforge.net/p/pwgen/code/ci/master/tree/pw_phonemes.c

If we are in agreement, we should raise a issue bug for pronounceable passwords...