1 comment

[ 2.9 ms ] story [ 16.8 ms ] thread
Ideally a government provided auth service would use two-factor authentication (e.g., Fido U2F), but if that isn't possible this will at least guarantee a strong password.

But… it's a bit user hostile.

If you must provide a list of pre-generated passwords, why not consider something that can be easily written down by the users who do not use a password manager?

Instead of:

    CE3BE221-A021-4712-9293-AB2554C22282
Do something like:

    Roses 14, mixed mushroom; 66/9 incidental choreographers?
It should be possible to reach a sufficient level of entropy without making the user feel he is a robot.