Avoid ambiguous characters
How to avoid melodrama in your writing | writing tips
Someone tried it with a “dumb screen” and failed (standard clamshell with no web browsing ability). This person didn’t have an email address she was willing to share or use for our service. She then went to a desktop computer and typed the activation url into a browser.
However, the activation code turned out to contain enough confusing numbers and letters that it took several tries to get it correct (e.g., ones and zeros were hard to distinguish, “l” or “1” or “O” or “0”).
We plan to deal with the immediate problem by “guessing” which letters and numbers are likely to be confused and avoiding them, or by always using one (e.g., anything that looks like a “1” is always a “1”).
In general, ambiguous characters should be avoided in assigned passwords. Microsoft activation codes are an example; they do not use the letter O because some people can type a zero (0). Similarly, you can trim your list of approved characters to exclude any unclear or perplexing characters. This is the character set I use in created passwords, for example:
How to write realistic and believable novel characters
All of your logins are stored in an encrypted vault that syncs across all of your devices. Only you have access to your data because it is completely encrypted until it leaves your computer. AES-256 bit encryption, salted hashing, and PBKDF2 SHA-256 are used to protect data.
Electron and Angular were used to build the Bitwarden desktop software. There’s also a web application and a command-line interface (CLI) tool, the latter of which exposes a powerful API into your Bitwarden vault, allowing you to write and execute scripts on it. TypeScript and Node.js are used to build the CLI.
How to introduce characters
Is there an easier-to-read subset of alphanumerics already available? Is there a subset that has less visually ambiguous characters, and by excluding (or equating) such characters, we can minimize human error?
I understand that “visually ambiguous” is a waffly word, but it is reasonably obvious that D, O, and 0 are all identical, as are 1 and I. I’d like to raise the number of alpha-numerics in the set while reducing the number of characters that are likely to be misinterpreted.
It may be difficult to differentiate this issue from the typeface used. The visual ambiguity between any two characters can be influenced by the distinctiveness of the characters in the chosen typeface, but I expect that in most modern typefaces, the above characters that are equated would have a close enough appearance to warrant equating them.
For similar purposes (e.g., encoding a key, etc. ), I wanted a substitute for hexadecimal (base 16). The best I could come up with was the following set of 16 characters, which can be used as a replacement for hexadecimal:
Togashi’s trans characters
Safe-random-password wraps secure-random to ensure that your passwords are created using a cryptographically secure source of entropy, regardless of whether you’re using the browser or Node.js. It has the ability to create passwords with arbitrary levels of complexity.
It’s simple to pass a predicate that makes randomPassword(…) take an inordinate amount of time (or never return). Predicate can only be used to evaluate a negative: “this password does not contain too many repeated characters,” “this password does not contain a sequence like ‘123’,” and so on. You catch my drift.
People use passwords to prove their identity. But often all we need is a key or a random id. Since the resulting string will be remembered by a computer, there’s no need to sacrifice entropy to make it more memorable/typeable/whatever.