A while back, the web comic XKCD had a great observation on picking passwords and password strength. Usually people pick a word, use "leetspeak" to convert letters to numbers, and think that's secure. It's only marginally more secure than picking a dictionary word.
The password-choosing technique that I have used for about as long as I can remember is based around a Python script called password.py. I have no idea where I originally found this script, but I always try to have it around. It consults your computer’s dictionary file, grabs two random words, then joins them together with a letter or symbol in the middle. You end up with things like “tine^miner”. I usually have to run it a dozen times until I get two words that “work” for me and my brain. My main problem with this script is that when I’m first setting up a new machine, I don’t always have the script available. It would be nice to have something portable. My iPhone is ubiquitous, so I thought I’d write an app, but realized that more people would find an HTML5 “app” useful than a native iPhone app.
This generator is a little more flexible than the Python script I used. You can tell it the number of words you want and whether you'd like a separating symbol between them, which makes the password harder to brute-force. The symbols were selected to be easy to reach on an iPhone: they all sit on the first page of symbols, so you never have to shift to symbol mode and then shift again to the alternate symbol mode.
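The scheme described above (a chosen number of dictionary words, optionally joined by a symbol), written out as an added Python example; it is not the original password.py or the HTML5 generator's code. The word list and separator set are constructed samples, `load_words` is a hypothetical helper for reading a system dictionary, and the entropy function assumes an attacker who knows the scheme and both lists.

```python
import math
import secrets

# Constructed sample list so the example runs offline; real use needs a
# large dictionary file (load_words below) to reach useful entropy.
SAMPLE_WORDS = ["tine", "miner", "correct", "horse", "battery", "staple",
                "lantern", "orbit", "pickle", "quartz", "ribbon", "saddle",
                "tundra", "velvet", "walnut", "zephyr"]
# Assumed separator set; the page does not list the generator's symbols.
SAMPLE_SYMBOLS = "-/:;()$&@"


def load_words(path, min_len=3, max_len=8):
    """Read a one-word-per-line dictionary; keep lowercase alphabetic words."""
    with open(path, encoding="utf-8", errors="ignore") as fh:
        words = {line.strip() for line in fh}
    return sorted(w for w in words
                  if w.isalpha() and w.islower() and min_len <= len(w) <= max_len)


def generate(words, count=2, symbols=SAMPLE_SYMBOLS, use_separator=True):
    """Pick `count` words with the OS CSPRNG, joined by random symbols."""
    if count < 1 or not words:
        raise ValueError("need count >= 1 and a non-empty word list")
    if use_separator and count > 1 and not symbols:
        raise ValueError("separator requested but no symbols given")
    parts = [secrets.choice(words)]
    for _ in range(count - 1):
        if use_separator:
            parts.append(secrets.choice(symbols))
        parts.append(secrets.choice(words))
    return "".join(parts)


def entropy_bits(n_words, count=2, n_symbols=len(SAMPLE_SYMBOLS), use_separator=True):
    """Upper bound on entropy (bits) when the scheme and lists are known."""
    bits = count * math.log2(n_words)
    if use_separator:
        bits += (count - 1) * math.log2(n_symbols)
    return bits


if __name__ == "__main__":
    pw = generate(SAMPLE_WORDS, count=3)
    print(pw, f"~{entropy_bits(len(SAMPLE_WORDS), count=3):.1f} bits")
```

With the 16-word sample list each word contributes only 4 bits; a 100,000-word dictionary gives about 16.6 bits per word, and each separator adds log2 of the symbol-set size on top of that.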
It looks great on the iPhone and is at least fully functional (if not always so pretty) on all other HTML5 platforms. Give it a shot, if you’d like!