When an Apple device generates strong passwords, the structure of that secure password is not completely random.
Instead, Apple has created rules specifically designed to make it easier when you need to enter it manually. easily Memorable…
Ricky Mondello, Apple’s software engineering manager, leads the team responsible for delivering the best possible authentication experience on the company’s devices, and says strong auto-generated passwords aren’t as random as you might think. I responded to a post by someone who I suspect is the case.
Jsveningsson said of Mastodon:
@rmondello There’s an annoying discussion in a thread about Apple-generated passwords. All iOS passwords (such as hupvEw-fodne1-qabjyg) seem to consist of two-syllable “words” that make no sense. Hup-vew, fod-ne, and qab-jyg above. Is this all in my head? Am I going crazy? Is the two syllables by design or random?
Mondello answered questions in the form of a blog post, confirming that the two-syllable structure was indeed by design.
To make it easier to enter these passwords on sub-optimal keyboard layouts that can be difficult to switch between modes, like your colleague’s game controller, these new passwords are actually mostly lowercase.
Passwords are also based on syllables to make it easier to keep small pieces in your head for a short period of time to take with you to other devices. It is a pattern of consonants, vowels, and consonants. Putting these considerations together, our experience is that these passwords are actually very useful for those typing on strange foreign keyboards, although in the rare cases where they may be necessary for some users. is much easier. […]
Therefore, these new passwords are 20 characters long. These include the standard ones: uppercase letters. Most are lowercase letters. I chose the hyphen as the symbol to use. put two and one there [digit].
Of course, ease of use can’t come at the expense of security, and Apple was actually able to confirm that passwords generated according to this structure were stronger than their predecessors.
This blog post is an interesting look at the level of detail Apple considers, even in things we would expect to be random. Mondello also linked to a video discussing this in 2019.
Via Daring Fireball. Image: Video screenshot by Per Thorsheim.
FTC: We use automated affiliate links that generate income. more.
