DEV Community

Cover image for correct horse battery staple

Posted on

correct horse battery staple

There are a lot of places with obnoxious limitations to the characters you can put on a password, or even worse, to te length of it.

If you don't take anything away from this post, at least take that: password fields should allow any character and be long enough for your users to not notice ever the length constraint.

There are people using password generators and pasting 250 character long strings. Make their life easy, because they are doing their part.

But, alas, if you don't use a password manager but still want to have secure passwords, that are easy to remember but hard to guess, then the best tip on the internet is this:

xkcd: Password Strength

Password Strength

And if you know me, I usually face problems by throwing ruby at them, so, here we go:


  • you are on GNU/Linux or you can provide a text file with a list of words for your target language
  • you have ruby installed


#!/usr/bin/env ruby

module PasswordGenerator
  extend self

  # replace this with your language:
  WORDS = '/usr/share/dict/spanish'

  def run
    puts((1..4).map { safe_words.sample }.join(" "))


  SAFE_SET = /\A[A-Za-z]+\Z/.freeze

  # avoid non-ascii to save trouble
  def safe_words
    @safe ||={ |w| SAFE_SET.match(w) }

  def words
    @words ||="\n")

# this executes the run method if the file is run as a command if __FILE__ == $PROGRAM_NAME
Enter fullscreen mode Exit fullscreen mode

The intended use is to run it a couple of times until some combination of words hits you with an image or story you feel able to retain.

Cover Image by Jan Alexander from Pixabay

Top comments (1)

baweaver profile image
Brandon Weaver

Fun fact: The XKCD site was hacked, and the second most common password used was "correct horse battery staple"

You can also use grep for === responding objects like Regexp:

@safe ||= words.grep(SAFE_SET)

grep_v will do the inverse (because grep -v in Unix). As of Ruby 2.5 (iirc) the predicate methods (any?, all?, none?, one?) also take === responding objects directly.