
New UI to guarantee stronger user passwords - fulldecent
https://privacylog.blogspot.com/2016/09/password-strength-meter.html
======
Freak_NL
Ideally a government provided auth service would use two-factor authentication
(e.g., Fido U2F), but if that isn't possible this will at least guarantee a
strong password.

But… it's a bit user hostile.

If you must provide a list of pre-generated passwords, why not consider
something that can be easily written down by the users who do not use a
password manager?

Instead of:

    
    
        CE3BE221-A021-4712-9293-AB2554C22282
    

Do something like:

    
    
        Roses 14, mixed mushroom; 66/9 incidental choreographers?
    

It should be possible to reach a sufficient level of entropy without making
the user feel he is a robot.

