Ideally a government provided auth service would use two-factor authentication (e.g., Fido U2F), but if that isn't possible this will at least guarantee a strong password.
But… it's a bit user hostile.
If you must provide a list of pre-generated passwords, why not consider something that can be easily written down by the users who do not use a password manager?
1 comment
[ 2.9 ms ] story [ 16.8 ms ] threadBut… it's a bit user hostile.
If you must provide a list of pre-generated passwords, why not consider something that can be easily written down by the users who do not use a password manager?
Instead of:
Do something like: It should be possible to reach a sufficient level of entropy without making the user feel he is a robot.