On 9/2/06, Brion Vibber brion@pobox.com wrote:
Really it shouldn't be generating passwords ever. :)
In the cases where it does generate a password, this should be changed to a temporary code that lets you get in just far enough to set your own password.
Among other things, this would ensure that people don't have all their account passwords sitting in their e-mail archives for any opportunist to type "password" into their Gmail search...
If you ever do get convinced to generate easier passwords.. Please look at the S/KEY password system. Each phrase encodes 64bits.. which is far better than any passwords that humans are going to generate (killing gerardm's argument).
The problem with any such system is that the password is only easy for people who speak the right language..
What do the folks at the RTL middle eastern languages think of our captchas btw?