Characters to avoid in automatically generated passwords

Read Choosing Secure Passwords.

One interesting tidbit from there: For more secure passwords, make sure some numbers and special characters appear in the middle. Cracking programs check for them at the beginning and end sooner.


My preferred method is to get a word list of 3-, 4- and 5-letter words. Then select at least 2 of those, and place a random 2-digit number or special symbol (%&*@#$) between each word. If you want to, you can capitalize up to one character per word at random.

Depending on your strength requirements you end up with easy-to-remember and communicate passwords like:

  • lemon%desk
  • paper&boy32hat

Keep in mind you occasionally get interesting or inappropriate combinations of words (I'll let you use your imagination). I usually have a button allowing the generation of a new password if the one presented is disliked.

As a rule, only use symbols that people commonly know the name for. On a US Standard keyboard I would avoid ~`'/\^

I guess this more answered your rider question than your main question...

Good luck!


As another option, you could use a monospace/terminal font like Courier for printing the passwords. Similar characters should be a lot more distinguishable that way.


Here are the character sets that Steve Gibson uses for his "Perfect Paper Password" system. They are "characters to allow" rather than "characters to avoid", but they seem pretty reasonable for what you want:

A standard set of 64 characters

!#%+23456789:=?@ABCDEFGHJKLMNPRS
TUVWXYZabcdefghijkmnopqrstuvwxyz

A larger set of 88 characters

!"#$%&'()*+,-./23456789:;<=>?@ABCDEFGHJKLMNO
PRSTUVWXYZ[\]^_abcdefghijkmnopqrstuvwxyz{|}~

For pronounceable passwords, I'm not familiar with the algorithms but you might want to look at APG and pwgen as a starting point.
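
Added example (not code from any of the answers above): a Python sketch that generates passwords both from the 64-character set quoted above and with the word-plus-separator scheme from the earlier answer, and computes the entropy of each so the two can be compared. The word list is a constructed toy sample, and reading "2 digit number" as 10-99 is an assumption.

```python
import math
import secrets

# The 64-character set quoted above; it omits 0, 1, I, O, Q and l.
PPP64 = ("!#%+23456789:=?@ABCDEFGHJKLMNPRS"
         "TUVWXYZabcdefghijkmnopqrstuvwxyz")
SYMBOLS = "%&*@#$"  # separators suggested in the word-based answer
# Constructed sample list; a real deployment would load thousands of
# vetted 3- to 5-letter words.
WORDS = ["lemon", "desk", "paper", "boy", "hat", "river", "cloud", "tile"]


def random_password(length=12, alphabet=PPP64):
    """Uniform random password; secrets draws from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def separators():
    """The 6 symbols plus two-digit numbers (assumed to mean 10-99)."""
    return list(SYMBOLS) + [str(n) for n in range(10, 100)]


def word_password(n_words=2, words=WORDS):
    """word SEP word [SEP word ...], every choice made with the CSPRNG."""
    seps = separators()
    parts = [secrets.choice(words)]
    for _ in range(n_words - 1):
        parts.append(secrets.choice(seps))
        parts.append(secrets.choice(words))
    return "".join(parts)


def charset_bits(length, alphabet=PPP64):
    """Entropy in bits of a uniform password over the alphabet."""
    return length * math.log2(len(alphabet))


def word_bits(n_words, n_wordlist):
    """Entropy in bits when the attacker knows the scheme and word list."""
    return (n_words * math.log2(n_wordlist)
            + (n_words - 1) * math.log2(len(separators())))


if __name__ == "__main__":
    print(random_password(), f"{charset_bits(12):.0f} bits")
    print(word_password(3), f"{word_bits(3, len(WORDS)):.1f} bits (toy list)")
    print(f"3 words from a 5000-word list: {word_bits(3, 5000):.1f} bits")
```
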