This is the web site of Denis Defreyne, a software engineer living in Berlin.

Good human-usable tokens are not random strings

This is not a good human-usable token:

PY5FAGNNHTCYTAAG

This is:

H4NL-N3PW-9RFJ-4TPX

The problems with the former are as follows:

  • It can contains words that can have (negative) meaning
  • It is hard to read
  • It has potentially ambiguous characters

These problems can be solved fairly easily:

  • Exclude vowels (A E I O U)
  • Exclude ambiguous characters (B D G Q S Z and 0 1 2 5 6 8)
  • Group characters in chunks of 4 or 5 characters, separated by dashes

This reduces the entropy in the generated token, but because tokens are easier to read and copy, they can be made longer.