Apple Engineers Explain the Rationale Behind Keychain's Randomly Generated Passwords: Memorable in the Short Term but Not in the Long Term
Apple's password manager (formerly known as Apple Keychain) supports the generation of strong passwords. However, compared to passwords generated by other password managers, those created by Apple's password manager have a distinctive feature.
Take the password manager 1Password as an example: it generates random passwords that usually include uppercase letters, lowercase letters, numbers, and special symbols, like this one: F:cQu+Fe!HZ-2@6FKcjY.
In contrast, passwords generated by Apple's password manager look more like this: hupvEw-fodne1-qabjyg. Although they contain a special character, letters, and a digit, they look like words.
These syllable-like combinations are not actual words. That is no coincidence: Apple's engineers deliberately designed the generator to produce passwords that resemble two-syllable words.
The Deep Meaning Behind This Type of Password Design:
Apple engineers claim that the core purpose of this type of password is to be memorable for users in the short term but not in the long term. Why adopt such a peculiar design philosophy?
The reason is to make passwords easier to enter on keyboards with awkward layouts, such as an on-screen keyboard navigated with a game controller or a TV remote. In those situations users may need to glance back at parts of their password while typing it.
These passwords are built from syllables: consonants (Apple chose 19 of them), vowels (Apple chose 6), and fixed consonant patterns. In practice, passwords of this shape are relatively convenient to type on non-standard keyboards.
Of course, the actual design also considers password strength and website compatibility issues. For instance, some sites only allow certain special characters, and characters like @ or ! might not be supported, so Apple opted for the hyphen - as its special character.
Additionally, Apple keeps a dictionary of potentially offensive words on the device. If the password manager generates a password that matches a word in this dictionary, that password is discarded immediately and a new one is generated.
The ultimate effect of this design ensures that while maintaining security, the generated passwords are easy for users to glance at and remember in the short term, yet difficult for most users to remember in the long term.
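To make the structure described above concrete, here is an added Python sketch of a generator of the same shape: three six-letter consonant/vowel groups joined by hyphens, one digit, one uppercase letter, and a blocklist check. It is not Apple's code; the exact consonant and vowel letters, the digit placement at a group edge, and the blocklist contents are assumptions made for this illustration.

```python
import math
import re
import secrets

# Assumed letter sets; the counts (19 consonants, 6 vowels) match the article,
# the specific letters are a guess for this example.
CONSONANTS = "bcdfghjklmnpqrstvwz"
VOWELS = "aeiouy"
GROUPS, GROUP_LEN = 3, 6          # xxxxxx-xxxxxx-xxxxxx, 20 characters in total

# Constructed stand-in for Apple's on-device list of offensive words.
BLOCKLIST = {"damn", "crap"}


def _syllable_group():
    # consonant-vowel-consonant-consonant-vowel-consonant: reads like two syllables
    return "".join(
        secrets.choice(CONSONANTS if i in (0, 2, 3, 5) else VOWELS)
        for i in range(GROUP_LEN)
    )


def contains_blocked(pw, blocklist=BLOCKLIST):
    # Compare on letters only, so the digit, the hyphens and capitalisation cannot
    # hide a blocked word.
    letters = "".join(c for c in pw.lower() if c.isalpha())
    return any(word in letters for word in blocklist)


def generate(blocklist=BLOCKLIST, max_tries=100):
    for _ in range(max_tries):
        chars = list("-".join(_syllable_group() for _ in range(GROUPS)))
        # Assumed placement: the digit replaces the first or last letter of a group
        # (indices 0,5 / 7,12 / 14,19) so the syllables in between stay readable.
        edges = [p for p in range(len(chars)) if p % 7 in (0, 5)]
        chars[secrets.choice(edges)] = str(secrets.randbelow(10))
        # One uppercase letter at a random letter position.
        p = secrets.choice([i for i, c in enumerate(chars) if c.isalpha()])
        chars[p] = chars[p].upper()
        pw = "".join(chars)
        if not contains_blocked(pw, blocklist):
            return pw
    raise RuntimeError("could not produce a password clear of the blocklist")


def is_well_formed(pw):
    if not re.fullmatch(r"[A-Za-z0-9]{6}-[A-Za-z0-9]{6}-[A-Za-z0-9]{6}", pw):
        return False
    return sum(c.isdigit() for c in pw) == 1 and sum(c.isupper() for c in pw) == 1


def entropy_bits():
    # Rough size of the space under the assumed structure: 11 consonant slots,
    # 6 vowel slots, 6 edge slots x 10 digits, 17 letter slots for the capital.
    return (11 * math.log2(len(CONSONANTS)) + 6 * math.log2(len(VOWELS))
            + math.log2(6 * 10) + math.log2(17))
```

Running `generate()` a few times shows why the format is easy to read back in chunks yet still spans roughly 70 bits of choice, which is why such passwords are practical to copy off a screen but not to memorise.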
Read the original article: Ricky Mondello's blog post on Apple's strong password generation