philipmw / phrase.shop Goto Github PK

Capital letters are required for many passphrases, but phrase.shop's attitude toward that is, "just capitalize it yourself." But maybe customers want a capitalized phrase delivered?

Some options are to randomly capitalize the start of each word, to randomly capitalize the first word, or even randomly capitalize any letter.

Right now, the app displays the last generated phrase indefinitely, but it does not persist it in any local storage.

This means we don't control if/when the phrase disappears from the customer. It depends on the browser. For mobile devices, it depends on memory pressure.

The customer may want us to clear the phrase more aggressively. They can already close the tab/window, but maybe they forgot and hand the device to someone else who can unintentionally see the phrase.

Or the customer may want us to be conservative and persist the phrase until they explicitly clear it. I've had it happen that I generate a phrase, set it as the password on an important system, then forget it-- and it was already gone by then.

I see three possible approaches:

1. Clear phrase after X time (optimize for security).
2. Keep current behavior. Let the browser manage it. (optimize for simplicity).
3. Persist phrase in local storage until explicit customer action. (optimize for data integrity).

I don't have a clear answer.

Although we'd need to warn the user:

By rerolling, you are decreasing the effective entropy of your passphrase because you are expressing a preference that an attacker may take advantage of.

This warning needs UX design.

Instead of 1--6 letters, aim for 4--6 to help customer meet minimum passphrase length requirements.

<adjective> <noun> <verb>s is more memorable than <word> <word> <word>.

In phrase.shop v1, you'd first build a phrase from parts (which requires no entropy), then generate it (which does). With dice entropy, the app would let you build the phrase but keep the Generate button disabled until you roll the dice enough times. This ensured we don't try to generate the phrase until we have enough entropy.

In v2, building and generating are combined into one step, but the entropy check now happens at the wrong time and for the wrong amount.

Needs UX design. What are the use cases? An organization setting a minimum bar?

I keep zooming in unintentionally.

Once I configure my perfect <verb> <noun> <digit> <digit> <adjective> <noun>, I want the app to remember this, or I want to be able to bookmark this configuration.

Good list here: https://www.faa.gov/airports/planning_capacity/passenger_allcargo_stats/passenger/media/preliminary-cy19-commercial-service-enplanements.pdf

Needs UX design. Allow drag and drop, or only (x) to delete?

https://webpack.js.org/blog/2020-10-10-webpack-5-release/

Right now, while the phrase is animating, everything below it (disabled buttons, text) is jumping around. This is especially pronounced on mobile.

Redesign the UI so there is no jerking. One idea is to fade out everything below the animation, then bring it back once the animation is done.

Now: <noun> <verb> => fish defeat

Wanted: <noun> <verb> => fish defeats or fish defeated

This will improve memorability.

Just for fun.

Right now we collect entropy bits only from the first 2^n sides of dice. We discard rolls on sides above that.

For example, for six-sided dice, we collect entropy from sides 1--4 but discard rolls landing on 5 and 6.

This is wasteful and may be confusing to the user.

To collect entropy from the largest range of dice sides, we need to implement algorithm Q2 from this paper: http://markus-jakobsson.com/papers/jakobsson-ieeeit00.pdf

https://en.wikipedia.org/wiki/Count_noun

Many nouns we have in the wordbank are not count nouns, so pluralizing them does not make sense. For example, "3 weathers" shouldn't be allowed.

Split the current wordbank of nouns into count nouns and not.

It does not show spinner buttons, so I have to backspace, and as soon as I erase the last digit, the app crashes.

I would like to be able to create my own custom preset

It would appear that an update has removed the ability to choose your own parts
I would like the ability to choose my own and then save that set of parts as a custom preset

So where there are currently 3 buttons, a fourth choice could be added for the user's custom preset that could be used when returning to the site

For brand recognition, let's put the favicon into the UI somehow. My latest thinking is to put it into the buttons.

https://web.dev/render-blocking-resources/

Ensure that transitive verbs are used only with a direct object.

Right now the app is very dark, which is good for dark mode, but maybe not so good for light mode. Let's have two styles, one for light and one for dark modes.

Right now, during phrase animation, sometimes real plaintext shines through. The real plaintext is visually distinct from animation temp plaintext, so it is distracting. Plus we don't want to reveal the plaintext til animation is finished.

This seems to happen in the beginning of animation and is especially visible with long phrases.

I suspect it is because we generate temp plaintext for each slot incrementally, and before we generate the temp plaintext for a slot, it defaults to displaying its real plaintext. If so, we can solve it by generating temp plaintext for all slots at animation start, before the incremental algorithm starts.

1. Add an H1 tag
2. Add sitemap.xml (how)
3. Lengthen TITLE tag
4. Lengthen meta description to 70--320 characters
5. Add robots.txt

https://web.dev/meta-description/

Right now almost all parts of phrase are black, except for color type which is intense blue.

Let's give subtle coloring to nouns vs verbs to cue the reader to understand phrases easier that have ambiguous words.

This is annoying to the user.

The UI right now looks very high contrast and alarming. I have some ideas for how to improve it.

http://markus-jakobsson.com/papers/jakobsson-ieeeit00.pdf

I note that I can disconnect my network and the page still works

However, if (for whatever reason) the page is reloaded/refreshed; then the app can not be reloaded.

I request that it can be installed as a chrome web app to allow for true offline use.

This link might explain the relevant info https://developer.chrome.com/blog/getting-started-pwa/#service-worker-for-offline-caching

It can become tedious to manually enter each dice value with a click on a button.
Especially when those first 6 dice have icons that are very hard to see without squinting.

Please add a text entry box that allows multiple dice values to be entered at once using a space or comma etc, to separate the values.

This way a user can throw multiple dice and type the values instead of matching them to values on a screen that need to be clicked (it's more optimized to enter them on a keyboard where the user may already know the positions of the keys such as the Numpad)

Additionally, they could potentially copy and paste the values from a premade CSV string of their dice results - making it much faster to enter dice rolls as opposed to generated ones (making it less likely a user will choose the generated option for convenience reasons - which is less secure)

Set up a canary to alert me if the site ever goes down or breaks.

Today, making a verb plural uses a home-brewed algorithm that's often wrong. Wrong pluralization is confusing, distracting, and makes phrases less readable and memorable.

I do not want to rely on a 3rd party library (or worse, a service) to pluralize, since phrase.shop has minimal dependencies today and that's a virtue.

Let's also consider other conjugations for verbs, to make phrases more expressive and increase entropy.

Fry words are an alternative to Voice of America.