

Generating pronounceable passwords - yread
http://www.blackwasp.co.uk/PronounceablePasswords.aspx

======
DanBC
> _This leads to further insecure practices, such as creating a paper-based
> list of user names and passwords that could be stolen._

"Never write down your password" should probably be considered harmful. The
main attacks on my passwords are not people who have access to a bit of paper
in my wallet, but large criminal gangs on another continent. So long as the
paper is treated as something valuable it's better to have good passwords
written down than bad passwords that I can easily remember. Also, muscle
memory helps, and it only takes a week or so to remember a good password, at
which point you can destroy the paper.

People in some industries will not be able to write passwords down - but they
wouldn't be generating this kind of pronounceable password anyway.

The answer is, again, look at diceware to generate strong phrase which you
then use with your reputable password safe.

