Enhancement Rqst: Separator for Character PWs

A separator is provided for the Word PW but is absent from the standard formula. Provisioning a delineator for standard PWs (a hyphen, period, underscore, etc) would be helpful in splitting lengthy PWs into readable blocks for the times they must be read and entered by hand.

Comments

  • brentybrenty

    Team Member

    @RJC_CA: That would reduce the strength of character-based passwords, having predictable separators, but it's possible we'll add something similar to that in the future if we can find a good way to generate strong passwords like that. But really it would be best to use a word-based password since those are not only easier to read and type, but also very strong, since they're being generated from a database of over 18000 words. Cheers! :)

  • Thanks for replying. I want to make sure I’m comprehending correcting...is a 15 character PW less secure when broken into separated blocks of 5 chars (total 17 chars)? From a solving perspective the consequence of predictability seems logical if thats what your saying.
    Thx
    RJ

  • brentybrenty

    Team Member

    @RJC_CA: Automated guessing of three five-character strings separated by two fairly predictable characters would be easier than 17 characters that are all completely unrelated and random. But my main concern is that you're also getting very little benefit with regard to separators when the other characters are still not easy to remember or type -- sort of the worst of both worlds. Even a three-word random Worldlist password takes more than half a year to guess when there is a cash prize involved, so that's sufficient for many uses. And since using a four-word random password pushes brute force attacks into infeasibility and is much easier to remember and type (like my own Master Password), it seems like that would be a better option. Even words we've never heard of before are manageable in a way that characters alone are not. Let me know what you think, or if there's a specific use case you have in mind that changes the equation, so to speak. :)

  • jpgoldbergjpgoldberg Agile Customer Care

    Team Member

    Hi @RJC_C,

    I'm not entirely sure what you are asking for. Are you asking to take a generated password like byuz+qEMnx468r}hC9qz and make it byuz+-qEMnx-468r}-hC9qz?

    If your goal is to make them simply more legible, then the trick would be not to add anything to the password itself, but to make the large type viewer more chunky. Here is what it looks like now

    large type view

    But without knowing what is in there, it isn't clear where separators would go. This would be an even bigger problem for human created passwords that might have meaningful units which the display wouldn't be aware of.

    So mostly what I'm going to recommend is that for those passwords that you need to speak or transcribe, the wordlist based passwords make the most sense.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file