
Ask HN: Why do websites let people make their own passwords? - hoodoof
Presumably the password should be unique and the most secure way to make a password is to properly generate one.<p>So why don&#x27;t websites just do it for their users and disallow people making up their own passwords?
======
onion2k
This is why:

<?php

    
    
        function generateNewUserPassword() {
    
             //A really secure password!
             return "4kSj7BFq5ry992xUB$3V33eDkPe*9Et56YKWcu!G^fbEj@Db6bCHDeN4&4V6FG!rYCe2Xx2hDWnAjb$F";
    
        }
    

?>

Everyone gets the same password, but it _looks_ secure.

As a user, you really shouldn't trust that the person who developed a website
you're using is competent. You certainly shouldn't trust them to generate
security credentials for you.

------
anondon
How will the users remember complex passwords? By using password managers. So
you should probably be asking, why isn't everyone using password managers.
Maybe it's because of inconvenience, laziness, not caring or any combination
of the three factors.

------
skaplun
really?

Because websites want customers to remember their passwords and come back to
the service.

~~~
hoodoof
And all the sites nag you to include a capital, a non alpha and a number blah
blah. How is that different?

~~~
skaplun
Ifreakingrock! instead of ifreakingrock, inputted by you with some meaning to
you, is far easier to remember than "Yz52356Dde.."

~~~
CyberFonic
Several years ago I worked at a company where the system generated uncrackable
passwords. They were random jumble of letters and numbers. Nobody could
remember them, so guess what? Most people had theirs written on a PostIt note
and stuck to their screen or on a slip of paper in their top drawer. Almost as
good as leaving the front door key under the mat.

