← Back to notes

Good human-usable tokens are not random strings

This is not a good human-usable token:

PY5FAGNNHTCYTAAG

This is:

H4NL-N3PW-9RFJ-4TPX

The problems with the former are as follows:

It can contains words that can have (negative) meaning
It is hard to read
It has potentially ambiguous characters

These problems can be solved fairly easily:

Exclude vowels (A E I O U)
Exclude ambiguous characters (B D G Q S Z and 0 1 2 5 6 8)
Group characters in chunks of 4 or 5 characters, separated by dashes

This reduces the entropy in the generated token, but because tokens are easier to read and copy, they can be made longer.

Links to this note

Avoid naughty words in hex digest strings by changing the set of characters