#1 2020-06-04 17:14

mythofechelon
Member
Registered: 2013-04-16
Posts: 6

Complex passphrases and password requirements

RandPass' word mode is great for generating passphrases but many systems still use outdated password requirements (at least 1 symbol, number, etc) so I'd love to see additional options added to randomly generate and insert symbols and numbers in the same way that DiceGen does on iOS:
DiceGen on iOS

Thanks.

Last edited by mythofechelon (2020-06-05 10:17)

Offline

#2 2020-06-06 17:13

den4b
Administrator
From: den4b.com
Registered: 2006-04-06
Posts: 3,440

Re: Complex passphrases and password requirements

I looked for your DiceGen app in the Apple Store, but no luck. So thanks for adding a screenshot, it demonstrates it nicely.

I may be wrong, but I think it may actually be more convenient for the user to manually inject a random number or a symbol (or whatever else may be required by a particular password schema) once a suitable password was chosen from the generated list. This is kind of easier on a PC, but perhaps not as convenient on a mobile device with a pointer and popup keyboard.

Does it always insert exactly 1 digit and 1 symbol, and exactly at the end of a first word?

The number of additional options may explode quite quickly.

I'm not against adding these extra options, just trying to evaluate their usefulness.

Offline

#3 2020-06-06 18:18

den4b
Administrator
From: den4b.com
Registered: 2006-04-06
Posts: 3,440

Re: Complex passphrases and password requirements

The original NIST guidelines for requiring a presence of certain characters in passwords have been withdrawn in 2017 update.

Here are some relevant key points:

Wikipedia.org wrote:

* Verifiers should not impose composition rules e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters.
* Verifiers should not require passwords to be changed arbitrarily or regularly e.g. the previous 90 day rule.
* Passwords must be at least 8 characters in length.
* Password systems should permit subscriber-chosen passwords at least 64 characters in length.
...

See here for more details:
https://en.wikipedia.org/wiki/Password_ … guidelines

So we are discussing a feature which is now discouraged by the recent security standards.

Of course, it doesn't mean that all systems out there will promptly adjust their password requirements.

Offline

#4 2020-06-07 15:28

mythofechelon
Member
Registered: 2013-04-16
Posts: 6

Re: Complex passphrases and password requirements

Thanks for the reply.

I may be wrong, but I think it may actually be more convenient for the user to manually inject a random number or a symbol (or whatever else may be required by a particular password schema) once a suitable password was chosen from the generated list.

That's what I've been doing ever since the word / passphrase option was added to RandPass so I can confirm that it's a pain, it not being automatic.

Does it always insert exactly 1 digit and 1 symbol, and exactly at the end of a first word?

Always 1 digit and 1 symbol and always at the end of the word but they move around. Here are some more examples of complex passphrases that it generated:

Tuesday4 Proofread: Occupy
Skinhead Maggot Balance7{
Reusable4@ Rupture Boxer
Coliseum Moonbeam$ Popsicle9

Actually, I'd prefer if it even randomised whether they're at the start or end of the word, thinking about it.

So we are discussing a feature which is now discouraged by the recent security standards.

True but, as I say, a lot of web sites / systems still use outdated password policies so it'd be nice to have an option to comply with them easily whilst actually using passphrases.

Thanks!

Last edited by mythofechelon (2020-06-07 19:34)

Offline

#5 2020-08-03 21:39

mythofechelon
Member
Registered: 2013-04-16
Posts: 6

Re: Complex passphrases and password requirements

Hey Denis,

Do you think you'll implement this? If so, I greatly look forward to it!

Thanks.

Offline

#6 2020-08-04 15:36

den4b
Administrator
From: den4b.com
Registered: 2006-04-06
Posts: 3,440

Re: Complex passphrases and password requirements

You can now find this option in RandPass 2.0.0.5 Beta.

Please try the latest development version and let us know what you think.

Offline

#7 2020-08-08 14:28

mythofechelon
Member
Registered: 2013-04-16
Posts: 6

Re: Complex passphrases and password requirements

It looks great! Thank you very, very much!

Offline

Board footer

Powered by FluxBB