Passcode generation guidelines?
Is there any kind of guidelines on passcode generation with regards to UX?
In particular I just ran into a site that used auto-generated codes but the codes it made were impossible to tell if a letter was a D and O or a 0. I i l 1 can also be indistinguishable depending on the type style.
This would seem like it should be a common UX guideline, never generate codes with those characters. Maybe even U V u v should be removed. g q and 9, 6 and G as well. Next to each other sometimes these or more obvious but in a random code it's not always clear.
Do such guidelines exist and are there any other characters that should be avoided? Maybe !
is another one?
Note: this question is not about passwords, it's about passcodes (maybe there is another name). A password is something a user can possible create. A passcode is something a computer creates like emailing you a 6 character code to type in.
For example Apple will popup a 6 digit number, a passcode, on an registered Apple device when you try to log into icloud.com. Apple doesn't have the UX problem above because their passcodes are only digits, no letters.
Conversely some other site had a 10-15 second puzzle to solve, once solved it showed a code
Is that code BB1CA1O8
? BB1CA108
? BB1CA1D8
?
Get the code wrong and you have to re-fill out the form and solve the 10-15 second puzzle again