by lupusreal 828 days ago
Do you vet the JS this site sends you every time you use it, or do you trust that because it was client side in the past it will always remain so? Also, picking four random words "meat side" is pretty easy in my experience, but using a client side (not browser) password manager neatly solves the "inane password complexity requirements" problem.

This is an opportune moment to plug my command-line passphrase generator.

Open source, runs on your machine.

It makes passwords like:

    tiptoeing saxophone wholesaler luxurious leftover codeword eruption gnarly skies taco username affidavit

I named it pgen

Get it from https://github.com/ctsrc/Pgen

If nothing else that would force me to finally learn to spell affidavit. Or just give up on whatever I locked behind that phrase.

Have you, uh… had a lot of opportunity to misspell “affidavit”?

If so, please let me know the name of your SaaS so I can steer well clear of it…

It’s one of those words I use just rarely enough to never learn how to spell, like supeena, deeposition, and perjery.

I occasionally use words that I have trouble spelling as part of a password. I learn 'em fast, let me tell you!

I'll go with the flow and plug mine too, called acopw (get it, Accio Password, I'm so funny):

https://git.sr.ht/~jamesponddotco/acopw-cli

It can generate diceware passwords, random passwords, PINs, and UUIDv4.

It uses my own Go module for this, which comes with a list of words with over 23 thousand words:

https://git.sr.ht/~jamesponddotco/acopw-go

I use a 1000-line word list, head(1), shuf(1) and then tr(1) to join the lines.

I've just been using

    shuf -n 5 /usr/share/dict/words

and then manually typing them in, optionally adding any special characters or whatever the particular site requires. Changing 5 as needed, of course.

One of the neatest bonuses that you get from using pgen instead is that it can also tell you the amount of entropy of passphrases that each combination of settings (wordlist, number of words) will produce. This alone should ideally be reason enough to adopt pgen :)
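
The `shuf` approach from the comments above with the entropy figure worked out, as an added example that is not part of the thread and is not code from pgen or acopw. The function names are hypothetical, the sample word list is constructed, and GNU `shuf` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread; function names are hypothetical.

# Constructed sample input: mixed case, possessives and duplicates, the
# kind of entries /usr/share/dict/words typically contains.
sample_wordlist() {
    printf '%s\n' Apple apple "apple's" banana cherry Cherry "don't" delta echo foxtrot
}

# Lowercase stdin, keep only plain a-z words, drop duplicates, so the
# line count is the real number of distinct choices.
clean_wordlist() {
    tr 'A-Z' 'a-z' | LC_ALL=C grep -E '^[a-z]+$' | LC_ALL=C sort -u
}

# passphrase COUNT < wordlist: COUNT distinct words on one line.
# --random-source makes shuf take its random bytes from the kernel CSPRNG.
passphrase() {
    clean_wordlist | shuf -n "$1" --random-source=/dev/urandom | paste -sd ' ' -
}

# entropy_bits LIST_SIZE COUNT: shuf -n samples without replacement, so
# the bits are log2(N) + log2(N-1) + ... rather than COUNT * log2(N).
entropy_bits() {
    awk -v n="$1" -v k="$2" 'BEGIN {
        if (k > n) k = n          # shuf cannot return more lines than it read
        for (i = 0; i < k; i++) bits += log(n - i) / log(2)
        printf "%.1f\n", bits
    }'
}

# words_needed LIST_SIZE TARGET_BITS: smallest COUNT that reaches the target.
words_needed() {
    awk -v n="$1" -v t="$2" 'BEGIN {
        for (k = 0; bits < t && k < n; k++) bits += log(n - k) / log(2)
        if (bits >= t) print k; else print "unreachable"
    }'
}

# Demo on the constructed list; point the functions at a real word list instead.
size=$(sample_wordlist | clean_wordlist | wc -l)
echo "distinct words: $size"
echo "passphrase:     $(sample_wordlist | passphrase 3)"
echo "entropy (bits): $(entropy_bits "$size" 3)"
```

For the 1000-line list mentioned above, `entropy_bits 1000 5` prints 49.8 and `words_needed 1000 80` prints 9.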

> Do you vet the JS this site sends you every time you use it,

Hit ctrl+s

Which you should do even if you fully trust the website owner anyway