
Characters to avoid in automatically generated passwords

I need to generate some passwords, and I want to avoid characters that can be confused for each other. Is there a definitive list of characters I should avoid? My current list is

il10o8B3Evu![]{}

Are there any other pairs of characters that are easy to confuse? For special characters I was going to limit myself to those under the number keys, though I know that this differs depending on your keyboard's nationality!

As a rider question, I would like my passwords to be 'wordlike'. Do you have a favoured algorithm for that?

Thanks :)

Loofer asked Sep 11 '08 00:09



2 Answers

Here are the character sets that Steve Gibson uses for his "Perfect Paper Password" system. They are "characters to allow" rather than "characters to avoid", but they seem pretty reasonable for what you want:

A standard set of 64 characters

!#%+23456789:=?@ABCDEFGHJKLMNPRSTUVWXYZabcdefghijkmnopqrstuvwxyz

A larger set of 88 characters

!"#$%&'()*+,-./23456789:;<=>?@ABCDEFGHJKLMNOPRSTUVWXYZ[\]^_abcdefghijkmnopqrstuvwxyz{|}~

For pronounceable passwords, I'm not familiar with the algorithms but you might want to look at APG and pwgen as a starting point.

dF. answered Oct 11 '22 12:10


My preferred method is to get a word list of 3, 4 and 5 letter words. Then select at least 2 of those, and place a random 2 digit number or special symbol (%&*@#$) between each word. If you want to you can capitalize up to one character per word at random.

Depending on your strength requirements you end up with easy-to-remember and communicate passwords like:

  • lemon%desk
  • paper&boy32hat

Keep in mind you occasionally get interesting or inappropriate combinations of words (I'll let you use your imagination). I usually have a button allowing the generation of a new password if the one presented is disliked.

As a rule, only use symbols that people commonly know the name for. On a US Standard keyboard I would avoid ~`'/\^

I guess this more answered your rider question than your main question...

Good luck!

Jim McKeeth answered Oct 11 '22 12:10
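An added example, not code from either answerer: a generator for both approaches above (uniform picks from the 64-character set, and words joined by a symbol or two-digit number), using Python's `secrets` CSPRNG and reporting the entropy each scheme yields. The word list is a constructed sample, and restricting the two-digit separators to the digits 2-9 is an assumption made here to keep 0 and 1 out.

```python
import math
import secrets

# 64-character set quoted in the first answer; it omits 0, 1, I, O, Q and l.
PPP_64 = ("!#%+23456789:=?@ABCDEFGHJKLMNPRSTUVWXYZ"
          "abcdefghijkmnopqrstuvwxyz")
# Constructed sample list; a real generator needs thousands of 3-5 letter words.
WORDS = ["lemon", "desk", "paper", "boy", "hat", "cloud", "river", "mint"]
# Separators from the second answer: its six symbols, plus two-digit numbers
# built only from 2-9 so that 0 and 1 never appear (an assumption made here).
DIGITS = "23456789"
SEPARATORS = list("%&*@#$") + [a + b for a in DIGITS for b in DIGITS]


def random_password(length=12, alphabet=PPP_64):
    """Uniform random password drawn from the allowed set with a CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def wordlike_password(n_words=2, words=WORDS):
    """Random words joined by a separator, at most one capital per word."""
    parts = []
    for i in range(n_words):
        word = secrets.choice(words)
        if secrets.randbelow(2):  # capitalize one character half the time
            pos = secrets.randbelow(len(word))
            word = word[:pos] + word[pos].upper() + word[pos + 1:]
        if i:
            parts.append(secrets.choice(SEPARATORS))
        parts.append(word)
    return "".join(parts)


def entropy_bits(length, alphabet_size):
    """Bits of entropy in `length` uniform picks from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def wordlike_entropy_bits(n_words, list_size, n_separators=len(SEPARATORS)):
    """Lower bound for wordlike_password(); ignores the capitalization bits."""
    return (n_words * math.log2(list_size)
            + (n_words - 1) * math.log2(n_separators))


if __name__ == "__main__":
    print(random_password(), round(entropy_bits(12, len(PPP_64))), "bits")
    print(wordlike_password(3), round(wordlike_entropy_bits(3, len(WORDS)), 1), "bits")
```

With the 8-word sample list a two-word password carries only about 12 bits, against 72 bits for 12 characters from the 64-character set, so the strength of the word-based scheme depends almost entirely on the size of the word list.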