Ex-Apple Explains the Logic Behind iOS Strong Password Suggestions

2024-10-18 18:25:00

A Mastodon user questioned Ricky Mondello — who for years led Apple’s “Authentication Experience” team — about the structure of iOS-generated passwords, which appear to be composed of meaningless two-syllable “words” like “hupvEw-fodne1-qabjyg”.

If you’ve noticed this too, Mondello replied to this user on his official blog, offering very interesting details about how this feature works. It is now part of the brand new Passwords app in iOS 18.

The structure of the passwords is intentional, as explained in a 2018 talk called “How iOS Encourages Healthy Password Practices”, which you can read in full (in English) below:

According to Mondello, passwords are designed to be easy to type on less than ideal keyboards and are dominated by lowercase characters. Passwords are also syllable-based to make them easier to remember temporarily.

Bailey explained that this password format generates passwords that are easier to type on foreign keyboards, maintaining security with 71 bits of entropy, above the 69 bits of the previous format. Apple also has a dictionary of offensive terms, used to filter out generated passwords that contain these substrings 1.

Suggested passwords are 20 characters long, include an uppercase character, are dominated by lowercase characters, use two hyphens as symbols, and contain a single digit. The character combination was chosen to be compatible with most existing websites. The syllables are not real and are randomly chosen from 19 consonants and six vowels, with five possible positions for the digit.

Therefore, iOS-generated passwords contain meaningless two-syllable “words.” These syllables help make them temporarily memorable but still difficult to memorize permanently.
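The format described above, as an added Python example (not Apple's code and not from the original article): a generator, a format check and an entropy count. The exact consonant and vowel sets, the consonant-vowel-consonant syllable pattern (inferred from the sample password) and the five digit slots are assumptions; the blocklist is a caller-supplied placeholder for the offensive-terms dictionary.

```python
import math
import secrets

CONSONANTS = "bcdfghjkmnpqrstvwxz"  # 19 consonants (assumed set, 'l' left out)
VOWELS = "aeiouy"                   # 6 vowels (assumed set, 'y' included)
PATTERN = "cvccvc-cvccvc-cvccvc"    # inferred from the page's sample password
DIGIT_SLOTS = (5, 7, 12, 14, 19)    # assumed: beside a hyphen or at the end
DIGITS = "0123456789"

def generate(blocklist=()):
    """Return one 20-character password; retry if a blocked substring appears."""
    while True:
        chars = ["-" if p == "-" else secrets.choice(CONSONANTS if p == "c" else VOWELS)
                 for p in PATTERN]
        chars[secrets.choice(DIGIT_SLOTS)] = secrets.choice(DIGITS)
        letters = [i for i, ch in enumerate(chars) if ch.isalpha()]
        upper_at = secrets.choice(letters)
        chars[upper_at] = chars[upper_at].upper()
        password = "".join(chars)
        if not any(term in password.lower() for term in blocklist):
            return password

def matches_format(password):
    """Check length, one digit in an allowed slot, one uppercase, syllable shape."""
    if not password.isascii() or len(password) != len(PATTERN):
        return False
    digits = [i for i, ch in enumerate(password) if ch in DIGITS]
    uppers = [i for i, ch in enumerate(password) if ch.isupper()]
    if len(digits) != 1 or digits[0] not in DIGIT_SLOTS or len(uppers) != 1:
        return False
    allowed = {"c": CONSONANTS, "v": VOWELS, "-": "-"}
    return all(i == digits[0] or ch in allowed[p]
               for i, (ch, p) in enumerate(zip(password.lower(), PATTERN)))

def entropy_bits():
    """log2 of the number of distinct passwords this model can produce."""
    n_c = PATTERN.count("c") - 1    # one consonant slot is taken by the digit
    n_v = PATTERN.count("v")
    combos = (len(CONSONANTS) ** n_c * len(VOWELS) ** n_v
              * len(DIGITS) * len(DIGIT_SLOTS) * (n_c + n_v))  # last: uppercase slot
    return math.log2(combos)

if __name__ == "__main__":
    print(generate(), round(entropy_bits(), 2))
```

Under these assumptions the count comes to just under 72 bits, in line with the 71-bit figure quoted above; rejecting blocklisted candidates lowers it only marginally.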

via Six Colors

Footnotes

1 Specific parts of an original string, which maintain the character order of the original sequence. They are identified by their beginning and end in the main string.
