
Show HN: Create pronounceable random passwords using Orthography rules - NousMind
https://nousrandom.net/passwordmaker/orthgraphicpasswords.html
======
NousMind
The goal is not to create words that are in the dictionary. A concept is to
create a batch of passwords, then look down the list to find one that CLICKS
with your brain. You can change the default number of passwords created to
very large numbers. Simply look down the list until you find one that works
for you.

It is likely that combinations will create difficult to pronounce or remember.
Such is why you should create a batch and then choose one that works for you.

I do not want to start adding too many creation rules as doing such can make
it easier for a hacker to eliminate possibilities.

Another way to use it is just click your browser refresh when viewing the
results page. A new set of passwords will be generated. If you do not see one
that works for you, just refresh again until you find one that does. If you
are generating multiple words per password, nothing prevents you from mixing
and matching from multiple entries to create your own.

I have a blog post that discusses how I modified the algorithm. Originally I
used 3 to 5 letter orthographies and the results were not much better than
random characters. You can read my discussion on my blog

[http://www.nousmind.com/blog/2016/08/25/changes-made-to-
the-...](http://www.nousmind.com/blog/2016/08/25/changes-made-to-the-
orthography-password-creator/)

------
DanielStraight
This is a clever idea. I really don't want this to come off as discouraging
because I love stuff like this.

That said...

This shows the limitations of relying on orthography as a proxy for phonetics,
especially in a language like English where the spelling is such a disaster.

In my mind, "eoptoesw" and "quwyh" are not pronounceable as English.

And is "twutinn" pronounced too-tin or am I supposed to pronounce the "w"
somehow? And if I remember my password is too-tin, how do I know it wasn't
_spelled_ tootin or twotin or twotinn or tutinn or tutin or...

At the very least, you should consider which consonant clusters can occur at
the beginning, middle and end of words. They can't all occur everywhere. Then
I'd try to eliminate as many homophones as possible. That might get you a lot
closer to truly pronounceable and non-ambiguous passwords.

