UUIDs are good passwords.

V4 - yes. V1 and v2 - nope

A password that you can remember is way better. An UUID or half UUID does not even make a difference security wise. That thing is more unique than every grain of sand on earth. Why would you want that.

Password only stored in brain is the safest. Include a swastika, i'm sure it won't get hacked by brute force.

But no, UUID's are terrible passwords, especially because it requires you to store them, and storing passwords is incredible bad idea.

And if you don't give enough fucks about the password, why the fuck would it be an UUID?

The logic these days is like AAAAAAAAARGH

Remembering passwords is stupid, has less entropy, bet you reuse it across a bunch of sites, and is still vulnerable to phishing

On top I want to add, an UUID has no special chars enough or is too long for a password field. So much flaws.

@devRancid some people have the capacity.

Not remembering, but on occasion you must be able to copy certain passwords by hand. Especially if you follow your earlier advice and store them in a paper notebook.

@tamagotchi If a UUID is too long for the password field there's something piscatorial in the works.

I just want to note that passwords are actually meant to be text that you can remember.

If it’s something generated with random symbols then it‘s more of an auth key.

@Lensflare I feel like this is where passphrases came around. From security perspective they're the same as passwords, but from user perspective they might be better.

I like a good passphrase.

The best ones are grotesquely obscene. Makes them more memorable and also gives you a powerful incentive not to accidentally type them into that teams chat on the other screen.

@donkulator OstreamSucks0nT1d3Pods

Whoops…

@tamagotchi

Upvote as in it's better to have something you remember, yes.

Besides that, UUIDs are indeed more entropy than atoms in the solar system. So they make good passwords that don't need hashing nor salting. (Bear in mind you still wanna do this if only to maintain secrecy).

@kiki I think I have seen password generators literally use UUIDs

@whimsical agree about the password manager, though I would like an "account" manager, that just remembers which sites you've logged into

@donkulator @Lensflare and then they don't allow spaces

Ubisoft is 12 characters from what I remember (or maybe was it 10, some insane low number)

@BordedDev mine does for the hex part https://miloxeon.codeberg.page/libr...

@kiki Nice, any reason you went with the UUID format/style?

@BordedDev uhhh it's not uuid. I mean the hex part of the password is taken from randomUUID() call result

@kiki isn’t randomUUID() redundant?
Any UUID is random already. And you can’t create one that is more random than any other one.

@Lensflare uuid v1 is far from being random. I would prefer tc39 to call this function “UUIDv4”, but I suppose uuid committee (Microsoft) has plans to do all future improvements on uuid without changing the format itself. Thus, when a critical vulnerability is found in v4, randomUUID() can just be made to generate v5, instead of making the whole world’s worth of websites to update their function calls

@Lensflare

I guess random as in the method of constructing it, but yeah, wouldn't be an UUID if it weren't random.

@Lensflare actually “UUIDv4” is a lame name for a function because it starts with a capital despite not being a class name. “uuidv4” is lame because “v” and “uuid” aren’t equal in their meaning, but they’re equal in their casing. Those acronyms man. Call it “uuid4”, but that ain’t gonna happen — that’s too kikish for mainstream software

@kiki Microsoft?!
Don’t they have their own UUIDs called GUID?

@kiki yup, anything that has an abbreviation has this problem in camel case.

SmallPDFFile?
SmallPdfFile?
SmallpdfFile?

No matter how you put it, it‘s wrong.

@Lensflare I was wrong. It's IETF and open software foundation. I'm so grateful it's not ms :D

@kiki universallyUniqueIdentifierVersion4()

@kiki I meant the 7 char and hyphens

@BordedDev not all hyphenated char blocks are uuids

@kiki sure was just curious about the choice

Also uuidV4?

@BordedDev what uuidV4?

@kiki for the function name, just joining on the conversation above

@BordedDev ah. Hate that capital V!

@kiki Fair enough, I don't think version should be in function names either.

What about uuid(UuidVersion4) - granted that would only work in languages that more dynamic for the dynamic amount of parameters