

Ask HN: Forbid users from choosing their own passwords? - iwwr

What if online services did not allow users to choose a custom password, but rather generated a reasonably entropic but easy to remember password/phrase?

One way to do it is with synthetic words or phrases that are easy to pronounce in English and, optionally, a number or an underscore.

These easier to remember passwords would still be weaker than strong custom passwords, but would provide overall better account security.

What do you think?
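The scheme the post describes, sketched as an added example that is not part of the original thread: pronounceable consonant-vowel syllables drawn from a CSPRNG, joined by a digit or underscore, with the resulting entropy computed rather than guessed. The alphabet, the function names and the default lengths are assumptions made for illustration.

```python
import math
import secrets

# Assumed alphabet (not from the thread): consonant+vowel pairs read easily in English.
CONSONANTS = "bdfghjklmnprstvz"   # 16 symbols
VOWELS = "aeiou"                  # 5 symbols
SEPARATORS = "_0123456789"        # the "number or underscore" from the post


def generate_password(syllables_per_word=3, words=2):
    """Build a pronounceable password using the OS CSPRNG via `secrets`."""
    parts = []
    for _ in range(words):
        parts.append("".join(
            secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
            for _ in range(syllables_per_word)
        ))
    password = parts[0]
    for part in parts[1:]:
        # One independently chosen separator between each pair of words.
        password += secrets.choice(SEPARATORS) + part
    return password


def entropy_bits(syllables_per_word=3, words=2):
    """Exact entropy in bits: every choice is uniform and the encoding is
    unambiguous (fixed-width syllables, separators outside the letter set)."""
    per_syllable = len(CONSONANTS) * len(VOWELS)          # 80 combinations
    total_syllables = syllables_per_word * words
    combos = per_syllable ** total_syllables * len(SEPARATORS) ** (words - 1)
    return math.log2(combos)


def min_syllables(target_bits):
    """Syllables needed to reach a target strength, ignoring separators."""
    return math.ceil(target_bits / math.log2(len(CONSONANTS) * len(VOWELS)))


if __name__ == "__main__":
    print(generate_password(), f"{entropy_bits():.1f} bits")
    print("syllables needed for 64 bits:", min_syllables(64))
```

Because the password is generated by the service, its strength is a known quantity set by the length parameters, which is the property the post is after.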
======
captaincrowbar
There's no such thing as an "easy-to-remember password", because people have
so many passwords. Do you think your site's password is the only one your
customers need to remember? Most people with any kind of online life will have
so many logins that memorizing even the more important ones (in their opinion,
not yours) is out of the question, no matter how the individual passwords are
chosen or generated.

(I just checked my own password vault, and I have about 80 of them. This is
probably fairly typical for anyone who spends a lot of time on the internet.)

"Forbid users from choosing their own passwords" is functionally equivalent to
"require users to write down their passwords".

------
swombat
If you try hard enough, you can probably get rid of all your users! With no
users, you'll have no security risk whatsoever! Brilliant!

