On Wed, Feb 25, 2015 at 12:24 PM, Miloslav Trmač <mitr@xxxxxxxxxx> wrote: >> If nobody else is looking at your screen, you can use one of the following >> random passwords: >> red mist >> second wanted degree >> however ready respect using >> """ > > Now this is an useful idea. We should have this. (The required never-ending nowhere-leading discussion about what the recommendations should look like notwithstanding.) OK well at least there's acknowledgement, at least on this list, that there need to be visible recommendations in the UI rather than the user given a text fail whale. I don't know if there's consensus on this point. What about a "pronounceable" password creator, one that explicitly doesn't use dictionary words? Based on the aforementioned 2009 estimated cost to brute force attack passwords, it still looks like passwords like "however ready respect using" can't possibly be all that safe against a voluminous attack. If you want to go to all this work building such a thing and translating it, why not help the user create completely non-dictionary passphrases that have some change of being memorable by virtue of being pronounceable. Plus, the proposal should be nonsense in any language, which seems less Amero/Anglocentric. anguleatimplesc nitypeyrosentra mideakeremicamo spenhutendempis And so on. I got these from Lastpass which lets me choose 'make pronounceable' as an advanced option, and I can pick any length. The argument against is that chances are the user has to write these down at least temporarily until memorized. *shrug* But that could be true for four word passphrases too. Chris Murphy -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
