Characters to avoid in automatically generated passwords

17,340

Solution 1

Here are the character sets that Steve Gibson uses for his "Perfect Paper Password" system. They are "characters to allow" rather than "characters to avoid", but they seem pretty reasonable for what you want:

A standard set of 64 characters

!#%+23456789:=?@ABCDEFGHJKLMNPRS
TUVWXYZabcdefghijkmnopqrstuvwxyz

A larger set of 88 characters

!"#$%&'()*+,-./23456789:;<=>?@ABCDEFGHJKLMNO
PRSTUVWXYZ[\]^_abcdefghijkmnopqrstuvwxyz{|}~

For pronounceable passwords, I'm not familiar with the algorithms but you might want to look at APG and pwgen as a starting point.
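An added example, not part of the answer above or of Gibson's Perfect Paper Passwords code: it generates from the quoted 64-character set with a CSPRNG, shows which printable ASCII characters that set leaves out, and layers a second exclusion list on top (here the asker's own `il10o8B3Evu![]{}` list, reused as a constructed example). Function names and the entropy helper are the example's own.

```python
import math
import secrets
import string

# Steve Gibson's 64-character "Perfect Paper Passwords" set, exactly as quoted in the answer.
GIBSON_64 = "!#%+23456789:=?@ABCDEFGHJKLMNPRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# The asker's own confusable-character list from the question, reused here as a
# constructed example of a second exclusion list layered on top of Gibson's set.
ASKER_EXCLUDES = "il10o8B3Evu![]{}"


def excluded_from_printable_ascii(alphabet: str) -> str:
    """Printable ASCII characters (space excluded) that the alphabet deliberately leaves out."""
    printable = string.digits + string.ascii_letters + string.punctuation
    return "".join(c for c in printable if c not in alphabet)


def restrict(alphabet: str, excludes: str) -> str:
    """Drop further characters (e.g. a client's own confusable list) from an alphabet."""
    return "".join(c for c in alphabet if c not in excludes)


def entropy_bits(length: int, alphabet: str) -> float:
    """Entropy of a uniformly random password of this length over this alphabet."""
    return length * math.log2(len(alphabet))


def generate(length: int, alphabet: str = GIBSON_64) -> str:
    """Draw each character with the OS CSPRNG via `secrets`; the `random` module is not suitable here."""
    if length < 1 or len(set(alphabet)) < 2:
        raise ValueError("need a positive length and at least two distinct characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def is_valid(password: str, alphabet: str) -> bool:
    """True when the password is non-empty and every character comes from the alphabet."""
    return bool(password) and all(c in alphabet for c in password)


if __name__ == "__main__":
    print("Gibson's set drops:", excluded_from_printable_ascii(GIBSON_64))
    strict = restrict(GIBSON_64, ASKER_EXCLUDES)
    print(f"{len(strict)} characters remain after the asker's exclusions")
    for alphabet in (GIBSON_64, strict):
        print(generate(12, alphabet), f"({entropy_bits(12, alphabet):.1f} bits)")
```

Removing characters costs little strength: the 64-character set gives exactly 6 bits per character, and the 55 that survive the asker's list still give about 5.8, so one extra character more than makes up for the smaller alphabet.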

Solution 2

My preferred method is to get a word list of 3, 4 and 5 letter words. Then select at least 2 of those, and place a random 2 digit number or special symbol (%&*@#$) between each word. If you want to, you can capitalize up to one character per word at random.

Depending on your strength requirements you end up with easy-to-remember and communicate passwords like:

  • lemon%desk
  • paper&boy32hat

Keep in mind you occasionally get interesting or inappropriate combinations of words (I'll let you use your imagination). I usually have a button allowing the generation of a new password if the one presented is disliked.

As a rule, only use symbols that people commonly know the name for. On a US Standard keyboard I would avoid ~`'/\^

I guess this answered your rider question more than your main question...

Good luck!
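An added example (not code from the answer's author) of the word-plus-separator scheme described above: it draws from a constructed sample word list, inserts a two-digit number or one of the listed symbols between words, capitalises at most one letter per word, and includes a checker for that structure. The word list and function names are the example's own.

```python
import re
import secrets

# Constructed sample word list of 3-, 4- and 5-letter words; a real deployment would load a
# vetted dictionary and screen for the "interesting combinations" the answer mentions.
WORDS = ["lemon", "desk", "paper", "boy", "hat", "river", "cup", "lamp", "stone", "fox", "mint", "sky"]
SEPARATOR_SYMBOLS = "%&*@#$"   # the symbol set named in the answer


def random_separator() -> str:
    """A two-digit number (00-99) or one of the answer's symbols, each kind chosen half the time."""
    if secrets.randbelow(2):
        return f"{secrets.randbelow(100):02d}"
    return secrets.choice(SEPARATOR_SYMBOLS)


def maybe_capitalize(word: str) -> str:
    """Capitalise at most one letter, at a random position, and only half the time."""
    if secrets.randbelow(2):
        return word
    i = secrets.randbelow(len(word))
    return word[:i] + word[i].upper() + word[i + 1:]


def generate(word_count: int = 2, words=WORDS, capitalize: bool = True) -> str:
    """Words joined by random separators, e.g. lemon%desk or paper&boy32hat."""
    if word_count < 2:
        raise ValueError("use at least two words")
    chosen = [secrets.choice(words) for _ in range(word_count)]
    if capitalize:
        chosen = [maybe_capitalize(w) for w in chosen]
    parts = [chosen[0]]
    for word in chosen[1:]:
        parts.append(random_separator())
        parts.append(word)
    return "".join(parts)


def tokens(password: str) -> list:
    """Split into alternating runs of letters and non-letters."""
    return re.findall(r"[A-Za-z]+|[^A-Za-z]+", password)


def is_well_formed(password: str, words=WORDS) -> bool:
    """Check the structure word, separator, word, ..., word: every separator is a two-digit
    number or one listed symbol, every word is in the list with at most one capital letter."""
    parts = tokens(password)
    if len(parts) < 3 or len(parts) % 2 == 0:
        return False
    for i, part in enumerate(parts):
        if i % 2 == 0:
            if part.lower() not in words or sum(c.isupper() for c in part) > 1:
                return False
        elif not ((len(part) == 2 and part.isdigit()) or (len(part) == 1 and part in SEPARATOR_SYMBOLS)):
            return False
    return True


if __name__ == "__main__":
    for n in (2, 3):
        print(generate(n))
```

Because separators always sit between words, the number or symbol lands in the middle of the password rather than at either end. Strength comes mostly from the size of the word list: the twelve-word sample above gives only about 3.6 bits per word, while a list of a few thousand words gives around 12.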

Solution 3

Read Choosing Secure Passwords.

One interesting tidbit from there: For more secure passwords, make sure some numbers and special characters appear in the middle. Cracking programs check for them at the beginning and end sooner.

Solution 4

As another option, you could use a monospace/terminal font like courier for printing the passwords. Similar characters should be a lot more distinguishable that way.

Solution 5

For an international client several years ago, I had to generate random, secure passwords that were then mail-merged into documents by my client and sent by postal mail to recipients in 40 countries. Not knowing what typeface was to be used in the documents, I used a list of characters like the Steve Gibson 64-character set to eliminate the confusion between similar glyphs.

To make the resulting passwords pronounceable, and thus easier to remember, I paired consonants and vowels together, with some consonant digraphs (sh, th, wh, etc.) added to the mix.

To reduce the chance of inappropriate or offensive words being generated (in English or in the recipients’ languages), I limited runs of consecutive alpha characters to two, with numerals or punctuation characters between:

Es4tU$sA6
wH@cY8Go2

Looking back over my method now, I realize that there was room for improvement in the inappropriateness algorithm. Using just the rules above, some offensive words are still possible once numerals and punctuation are read as substitutes for letters.
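An added example, not the answer author's code, of the pronounceable scheme described above built on the Gibson 64-character set: consonant/vowel pairs with a few digraphs, each pair followed by a numeral or punctuation character, as in Es4tU$sA6. It treats a digraph as one consonant unit (an assumption about how the answer's run limit was meant), and it goes one step beyond the answer by undoing common letter substitutions (4 for a, $ for s, and so on) before checking a blocklist, which addresses the weakness the author notes. The blocklist, the substitution table and all function names are constructed for this example.

```python
import secrets

# Gibson's 64-character set as quoted in Solution 1; it already lacks 0, 1, I, O, l and Q.
GIBSON_64 = "!#%+23456789:=?@ABCDEFGHJKLMNPRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

VOWELS = [c for c in GIBSON_64 if c in "aeiouAEIOU"]              # a e i o u A E U
CONSONANTS = [c for c in GIBSON_64 if c.isalpha() and c not in VOWELS]
DIGRAPHS = ["sh", "th", "wh"]                                      # the digraphs the answer names
SEPARATORS = [c for c in GIBSON_64 if not c.isalpha()]             # numerals and punctuation

# Constructed stand-in for a real, language-specific blocklist.
BLOCKLIST = {"bad", "evil"}
# Common letter substitutions, undone before the blocklist check; an assumed table, not the answer's.
LEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i", "0": "o",
                      "$": "s", "5": "s", "7": "t", "+": "t"})


def syllable() -> str:
    """One consonant unit (a letter or, one time in four, a digraph) paired with one vowel,
    in either order: tU, Es, shA, ..."""
    cons = secrets.choice(DIGRAPHS) if secrets.randbelow(4) == 0 else secrets.choice(CONSONANTS)
    vowel = secrets.choice(VOWELS)
    return cons + vowel if secrets.randbelow(2) else vowel + cons


def max_alpha_run(password: str) -> int:
    """Longest run of consecutive letters."""
    best = run = 0
    for c in password:
        run = run + 1 if c.isalpha() else 0
        best = max(best, run)
    return best


def normalise(password: str) -> str:
    """Lower-case, undo the substitutions in LEET, then drop everything that is not a letter,
    so that b@d9 reads as bad for the check below."""
    return "".join(c for c in password.lower().translate(LEET) if c.isalpha())


def looks_offensive(password: str, blocklist=BLOCKLIST) -> bool:
    """True when any blocked word appears in the normalised password."""
    text = normalise(password)
    return any(word in text for word in blocklist)


def generate(syllables: int = 3) -> str:
    """Each syllable is followed by a numeral or punctuation character, as in Es4tU$sA6;
    candidates that still spell a blocked word after substitutions are undone are rejected."""
    if syllables < 1:
        raise ValueError("need at least one syllable")
    while True:
        candidate = "".join(syllable() + secrets.choice(SEPARATORS) for _ in range(syllables))
        if not looks_offensive(candidate):
            return candidate


if __name__ == "__main__":
    for _ in range(3):
        pw = generate()
        print(pw, "->", normalise(pw))
```

Rejecting and regenerating keeps the output uniform over the remaining candidates, which is preferable to patching a rejected password in place. A production blocklist has to be built per target language, and the normalisation step is what makes it effective against the letter-substituted spellings the answer mentions.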

Author: Loofer

I do .net stuff.

Updated on July 05, 2022

Comments

  • Loofer, about 2 years ago:

    I need to generate some passwords, and I want to avoid characters that can be confused for each other. Is there a definitive list of characters I should avoid? My current list is

    il10o8B3Evu![]{}

    Are there any other pairs of characters that are easy to confuse? For special characters I was going to limit myself to those under the number keys, though I know that this differs depending on your keyboard's nationality!

    As a rider question, I would like my passwords to be 'wordlike'. Do you have a favoured algorithm for that?

    Thanks :)