Apple Passwords’ Generated Strong Password Format

This post briefly summarizes part of a talk I gave in 2018. All information in this post has been accessible on YouTube since then. There is no new information or news in this post.

On Mastodon recently, jsveningsson@mastodon.social asked me:

Having an annoying argument on Threads about Apple generated passwords. Every iOS Password (like hupvEw-fodne1-qabjyg) seems to be constructed from gibberish two-syllable “words”. Hup-vew, fod-ne and qab-jyg above. Is this all in my head? Am I going crazy? Is the two-syllable thing by design or random?

This is not in their head, they are not “going crazy”, and the two-syllable thing is by design. Let me explain!

I gave a talk in 2018 called, “How iOS Encourages Healthy Password Practices”, that told the story of this generated password format. Although the talk is a bit dated now, it also covers other topics related to password management that, given that you’re reading this post, you might be interested in.

I explain the thinking behind the generated strong password format at 18 minutes and 30 seconds into the video:

To make these passwords easier to type on suboptimal keyboard layouts like my colleague’s game controller, where the mode switching might be difficult, these new passwords are actually dominated by lowercase characters. And to make it easier to short-term have in your head little chunks of it to bring over to the other device, the passwords are based on syllables. That’s consonant, vowel, consonant patterns. With these considerations put together, in our experience, these passwords are actually a lot easier to type on a foreign, weird keyboard, in the rare instances where that might be needed for some of our users.

And we weren’t going to make any changes to our password format unless we can guarantee that it was as strong or stronger than our old format. So if you want to talk in terms of Shannon entropy once again, these new passwords have 71 bits of entropy, up from the 69 from the previous format. And a little tidbit for folks who are trying to match our math — [note that] we actually have a dictionary of offensive terms on device that we filter these generated passwords against and we’ll skip over passwords that we generate that contain those offensive substrings.

So these new passwords are 20 characters long. They contain the standard stuff, an uppercase character. They’re dominated by lowercase. We chose a symbol to use, which is hyphen. We put two of them in there, and a single [digit]. We picked this length and the mix of characters to be compatible with a good mix of existing websites.

And a few more details: These aren’t real syllables as defined by any language. We have a certain number of characters we consider to be consonants, which is 19. Another set we consider to be vowels, which is six. And we pick them at random. There are five positions for where the digit can go, which is on either side of the hyphen or at the end of the password.

So yes, the passwords that Apple Passwords generates do contain gibberish two-syllable “words”. The syllables help them to be memorable briefly, but still not memorizable. I hope this helps!