Comment by ianopolous
1 day ago
Humans shouldn't generate passwords. ~0 people are good at that. Websites should just generate a password for a user, letting them regenerate as many times as they like until they get one they like (without breaking password manager based generation). A bit like this: https://peergos-demo.net/?signup=true
~0 people want to remember passwords. Generating passwords for them without offering to securely store them in a password manager strikes me as misguided.
People should absolutely be using password managers where possible.
A website doesn't have control over whether you are using a password manager though. This is about stopping the human from generating a password themselves, which will be terrible.
I mean, at this point might as well drop the password requirement completely and send an email login link every time a user gets logged out and wants to log back in. It's how the 'reset password' feature works for some people anyway.