StrongPhrase.net

Check this box to affirm you have no conflict of interest.

on

Website

Short description

An open source, credential and password generator website that can be used offline

Why I think this tool should be added

It can make strong passphrases that more closely resemble “phrases”, with multiple and well documented strength levels.

@davidcollini I noticed that you seem to agree with @Ph00lt0's opinion on the redundancy of the service, so I would like to make an analogy comparing SoftwareCompare’s usefulness with StrongPhrase’s. I believe that what makes SoftwareCompare stand out despite PrivacyGuides’s recommendations and comparisons, is that the more visual and tabular format helps with digestibility, understandability, threat modeling, and debatably, precision. Likewise, StrongPhrase can produce easy, memorable, passphrases. Their explanation for the different passphrase strengths allows users to determine the most suitable one for their threat model, and furthermore understand password strength as a whole.

Section on Privacy Guides

Passwords Overview, Email Aliasing (maybe if and when this is added, that latter section can be changed to Alias Services)

3 Likes

Yeah, this should be included in recommendations somewhere on PG. I like this project.

Wow that was a really great analogy. I might have to use that sometime lol :grinning_face_with_smiling_eyes:

As for my thoughts on Strongphrase, I would personally avoid using a separate application for generating passwords as sentences. I believe minimalism is a good approach for privacy in reducing complexity, and reducing potential attack surface. Regardless, if we find that there’s a decent amount of people who care about creating logical passphrases instead of random ones, I wouldn’t be opposed to Privacyguides adding the app to the site with a preface that it is not necessary if you’re already using a password manager.

Wow that was a really great analogy

Thanks for your great service for me to make an analogy off of!

site with a preface that it is not necessary if you’re already using a password manager

The StrongPhrase site already says

Use randomly-generated passphrase for each of your most important accounts that you type often:

  • Your master password for your password manager
  • Laptop
  • Google / Apple account
  • Wi-fi

and

Use a password manager with unique, randomly-generated passwords for everything else.

(Then it makes a randomly generated string of characters that a generator in a password manager could do just as well)

@Machkiel

For example, clearnet users could have their IP address logged with a list of passphrases they were shown or copied from the page.

You can generate passphrases offline, too, feel free to try it!

Also, forgot to do this when I first posted: @AtomicBug

2 Likes

The amount of people that will be interested in what lengths are required at what services is extremely niche. People want something that takes the hassle away from them and have a secure login. That’s what a password manager does perfectly. I honestly see no point in recommending something that basically nobody will use.

5 Likes

I think StrongPhrase is great at generating Passphrases for your Password Manager’s master password. The Identity generator is also useful as a free tool that I don’t think we have a good other example of besides MySudo, but MySudo isn’t ephemeral last I checked whereas StrongPhrase’s identity generator is.

1 Like

What about the identity generator? Does the site recycle the same names / info / photos?

Hey folks. StrongPhrase developer here. Thanks for proposing this. Happy to answer questions.

I actually agree that the length of passphrase is a pretty significant downside to this approach. I did an “entropy per character” analysis in the FAQ. And the EFF Diceware word lists are much more efficient in that regard.

In the long run, diceware is a lot more efficient to type once you memorize it. But StrongPhrase passphrases are much easier to memorize.

Here’s a breakdown of where the identity generator gets its info:

  • Names, phone numbers, and birthdays come from Faker.js which has a very large set of names. First names and last names are randomly paired, meaning there is a large universe.
  • Usernames come from the same set of words that the passphrases are generated from. Pulling from 4 sets of 512 options for the “Other Usernames” (Adj + Noun) format. And 121 animals and 278 adjectives for the “Animal Usernames”
  • Passphrases come from the passphrase generator. (Unsurprisingly)
  • Addresses come from a set of 2,095 addresses from https://openaddresses.io/ – they all geocode to a true address. I find this useful when filling out a Privacy.com credit card address field.
  • Disposable emails are based on the username and come from either https://reusable.email or https://www.emailnator.com/ (which lets you use a real gmail address)
  • Images come from a large set of different generators. The “Real Photo” set draws from 178 images. The “AI Generated Photo” draws from a set of 200 images. The other ones are pieced together from a set of configuration options with thousands of unique resulting images.

Hope that helps!

Edit: This thread inspired me to update the identity page. It now has an FAQ outlining this information.

3 Likes
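Added example (not part of the thread and not StrongPhrase's code): the pool sizes quoted in the post above, converted to bits of entropy and to the number of random picks after which a repeat becomes more likely than not. It assumes every option is chosen uniformly and independently, which the post does not state.

```python
import math

# Pool sizes quoted in the developer's post; uniform, independent
# selection from each pool is an assumption of this example.
POOLS = {
    "Other Usernames (4 slots x 512)": 512 ** 4,
    "Animal Usernames (121 x 278)": 121 * 278,
    "Addresses": 2095,
    "AI Generated Photo": 200,
    "Real Photo": 178,
}


def entropy_bits(pool_size: int) -> float:
    """Bits of entropy in one uniform pick from pool_size options."""
    return math.log2(pool_size)


def repeat_probability(pool_size: int, draws: int) -> float:
    """P(at least one repeated item) after `draws` uniform picks."""
    if draws > pool_size:
        return 1.0  # pigeonhole: a repeat is certain
    # Sum logs of (1 - i/N) so large pools do not underflow.
    log_all_distinct = sum(math.log1p(-i / pool_size) for i in range(draws))
    return -math.expm1(log_all_distinct)


def draws_for_repeat(pool_size: int, target: float = 0.5) -> int:
    """Smallest number of picks whose repeat probability reaches target."""
    log_all_distinct = 0.0
    for seen in range(pool_size):
        # `seen` items already drawn; the next pick must avoid them.
        log_all_distinct += math.log1p(-seen / pool_size)
        if -math.expm1(log_all_distinct) >= target:
            return seen + 1
    return pool_size + 1


if __name__ == "__main__":
    for name, size in POOLS.items():
        print(f"{name:34} {size:>14,} options  "
              f"{entropy_bits(size):6.2f} bits  "
              f"50% repeat chance after {draws_for_repeat(size):,} picks")
```

Under that assumption, a 178-image pool reaches a 50% chance of a repeat by the 16th pick, while the 36-bit "Other Usernames" space needs hundreds of thousands of picks to get there.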

Amazing breakdown thank you for clarifying everything! The development of this site is really interesting, and I think it will become a staple in everyone’s privacy arsenal if continuously updated :smiley:

Some feedback:

  • Emailnator is a great service, but you should probably put a warning that anyone can access their temporary email and that it should in no way be treated like an alias email (I know this seems like common knowledge to us but some newbie might conflate the two).
  • The 178 real photos are great, but I often find when cycling through there’s a lot of repeats. Is there no way to scrape for example thousands of LinkedIn profile pictures? Although there may be some benefits to a small set of photos that everyone uses to sort of blend everyone’s data together when someone reverse searches an image and there’s thousands of conflicting / poisoned data. For example, if dozens of people have the same “fake” profile picture, does it make everyone “blend in” or would it for example make an advanced AI automatically flag an account as fake. Kinda complex thinking but I guarantee there are already advanced algorithms that can detect when an account is a bot / fake info.
  • In my humble opinion you should remove the AI generated photos entirely as people are sort of hip to bot accounts now and can immediately tell if an image is AI, especially with uncanny portraits.
  • I would also reorganize the top nav bar and put the “Phone Passcode” and “Cracking Times” into one section on the far right as they are functionally the same concept.
  • Username generator would be nice to have more options like special characters, min/max character amount, etc.
  • Definitely add a dark/night mode if you can.

Total side note but when I google “strong phrase” a bunch of quote websites pop up. I recommend putting a crap ton of metadata key words to improve your SEO.

All in all this is a phenomenal tool and I would ignore the previous comment who very clearly did not do a deep dive into the site and probably spent a total of 10 seconds on it :slight_smile:

I would assume there are a lot of legal or ToS issues with this that you really shouldn’t be doing something like that

Well don’t get me wrong. There is nothing wrong with your project itself. I also love that for those who are interested it is being discussed here and has its showcase and all. That makes a lot of sense and you are most welcome to talk about it. However, I just don’t think it brings a lot to the table for people who have to get into their privacy journey and find recommendations on how to do so.

So I think your solution is pretty neat for people who look for such but I don’t see much of a use case for an average internet user.

I agree, I definitely see more value here as an educational tool than a privacy tool, so while not pointless I don’t really see where this would go in our guides.

Maybe mention it in the Passwords Overview for additional reading?

In an “Other” section where you mention such privacy related tools that are not really services but just privacy and security related resources. Other things that can go here are websites like dnsleaktest.com, ip.me, addr.tools, etc.