1. 9

This is a really basic web toy I’ve been working on for the past couple of days as a little programming challenge after I found out about the PGP word list. Hopefully, you find it useful.


  2. 2

    Neat! So it produces passwords which are easier to read out over a voice line? If I don’t have that requirement, would it be useful for me? I use the “xkcd 4 word” method by running `shuf -n 4 /usr/share/dict/words` then I add some punctuation for good measure. That’s only for my master password which I commit to memory though, everything else is random gibberish in KeePass.

    1. 1

      Indeed, the passwords are easy to read and sound out. I think that property makes for better passwords as each word has a unique sound. It’s my understanding that property could help people better remember the generated passphrase than just choosing some random words from the dictionary. Not to mention that the random words can be quite short (“be”, “I”, “are”, etc.) which doesn’t help your passphrase’s security.

      Regardless of whether you use my toy page above, I’d at least recommend increasing the number of words you use to 6, if not more. (I chose 7 for this toy.) There have been some studies done to test the effectiveness of the “xkcd method”, and while it does help with getting users to choose more secure passwords than before, the resulting loss of entropy means you’d need to have a longer passphrase than before. As you mention, you do add punctuation to the phrase, and are not using the generated result directly, so this point might be moot for you anyways.
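An added example, not part of the thread and not the linked page's code: a word-list passphrase generator that filters out short words and reports how many bits a given word count buys. It assumes every word is an independent, uniform pick; the sample list, the 64-bit target and the 100,000-word dictionary size are constructed, and 256 is the size of one PGP word list (one byte per word).

```python
import math
import secrets

# Constructed sample list for illustration; a real run would load a full word list.
SAMPLE_WORDS = ["be", "I", "are", "Orbit", "orbit", "lantern", "walrus",
                "copper", "meadow", "trumpet", "it's", "glacier", "pebble"]

def usable_words(words, min_len=4):
    """Lower-case, de-duplicate, and drop short or non-alphabetic entries."""
    seen, kept = set(), []
    for word in words:
        word = word.strip().lower()
        if len(word) >= min_len and word.isalpha() and word not in seen:
            seen.add(word)
            kept.append(word)
    return kept

def entropy_bits(list_size, n_words):
    """Entropy of n_words independent, uniform picks from list_size words."""
    return n_words * math.log2(list_size)

def words_needed(list_size, target_bits):
    """Smallest word count that reaches target_bits for this list size."""
    return math.ceil(target_bits / math.log2(list_size))

def generate(words, n_words):
    """Pick words with the OS CSPRNG (secrets), with replacement."""
    return " ".join(secrets.choice(words) for _ in range(n_words))

if __name__ == "__main__":
    pool = usable_words(SAMPLE_WORDS)
    print(generate(pool, 7))
    # Assumed list sizes: 256 (one PGP word list, one byte per word) and a
    # hypothetical 100,000-word system dictionary.
    for size in (256, 100_000):
        print(size, "words:", round(entropy_bits(size, 4), 1), "bits for 4,",
              words_needed(size, 64), "words for 64 bits")
```

The bit counts hold only when the generated phrase is used as-is; re-rolling until the phrase looks nice, or hand-picking words, lowers them.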