Meet Flowstate: Fast, Memorable Passphrases Humans Can Actually Type
Today we’re releasing flowstate.pw, a passphrase generator that produces credentials that are strong, fast to type, and actually memorable. No accounts, no tracking, nothing leaves your browser. You can try it right now. The rest of this post is about why we built it in the first place.
The Research Settled This Years Ago
We test authentication systems constantly, and not in a lab. We test real production applications used by real customers. And over the course of enough engagements, you start to recognize that authentication failures tend to come from one of two directions.
The first is simple neglect. Password rules assembled sometime around 2006 and never revisited. Forms that look serious and accept “password” without complaint. We have seen this recently, in production, in software used by real businesses. It is more common than it should be.
The second is more interesting because it comes from good intentions. These are the systems with strict complexity requirements: uppercase, lowercase, numbers, symbols. The designers wanted rigor. What they got was Password1! and Summer2024@, which satisfy every rule on the list and appear in every serious wordlist an attacker would run. Complexity requirements that feel demanding actually push users toward predictable patterns, because humans under constraint optimize for memorability, not entropy.
Mandatory rotation makes it worse. Users who have to change their password every 90 days learn to increment: Password1! to Password2! to Password3!. Attackers who obtain an old credential know to try the obvious sequence first.
NIST SP 800-63B put the modern framework on paper in 2017, with further updates since. The guidance is not ambiguous: length matters and complexity requirements don’t, mandatory rotation is counterproductive, systems should screen against known-breached passwords, and passphrases are a better target than short scrambled strings.
The research behind all of this had been accumulating for years before NIST formalized it. The problem is that a meaningful portion of the web didn’t get the memo, or got it and ignored it, and auditors who don’t know the research can accidentally reward the organizations still following the old rules.
The actual goal is simple: a credential drawn from a large, unpredictable search space. Length achieves this in a way that complexity theater does not.
Password Vaults Are the Right Answer, Until They Aren’t
The correct solution for most passwords is a good vault. Generate a random 20-character string, store it, and never think about it again. You don’t type it, you don’t memorize it, the vault handles it. Tools like Bitwarden, 1Password, and KeePass make this straightforward, and if you’re not using one you should be.
The problem is that a vault doesn’t go all the way down. At some point there’s a credential you have to type from memory, without autofill, possibly under pressure. Your vault master password is the obvious one. A LUKS passphrase for disk encryption, typed at boot. An emergency administrative account on a server you’re reaching from a machine that doesn’t have your vault installed. A WiFi password you need to read off one device and type on another.
These credentials tend to matter more than most others. They protect the thing that protects everything else, or they’re the contingency you reach for when normal systems aren’t available. And they’re precisely the ones where the gap between “theoretically strong” and “actually usable” gets people into trouble, because passwords that are painful to type get shortened, reused, or quietly replaced with something worse.
That’s the gap Flowstate is meant to close.
What Flowstate Does
The core idea is simple: words are selected so that when you type them on a QWERTY keyboard, your hands alternate. That sounds like trivia until you type a few outputs and notice how different they feel from a random word sequence. Alternating-hand typing is faster and more rhythmic, with a lower error rate. When your hands trade off with every keystroke, the motion becomes automatic. When the same hand handles a run of characters, friction accumulates, and friction is where the bad security decisions happen. People shorten passwords because they’re annoying to type. They reuse them. They pick easier ones next time.
Flowstate offers two alternation modes. Strict enforces alternation at the individual letter level, meaning every single character switches hands. Loose mostly alternates but allows occasional same-hand pairs within a word, which opens up a larger word pool. Both produce good results; strict gives you the smoothest typing experience, and loose gives you more candidates to work with.
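To make the strict and loose modes concrete, here is an added example (not Flowstate's own code) that classifies words by QWERTY hand alternation. The left/right key sets are the standard touch-typing split, the word list is constructed, and reading "occasional same-hand pairs" as "at most one per word" is an assumption.

```python
# Added example, not Flowstate's code: classify words by QWERTY hand alternation.
# Standard touch-typing split: these letters are struck by the left hand,
# everything else in a-z by the right hand.
LEFT = set("qwertasdfgzxcvb")
RIGHT = set("yuiophjklnm")


def hand_switches(word):
    """One boolean per adjacent letter pair: True when the hands alternate."""
    w = word.lower()
    if not w or any(c not in LEFT and c not in RIGHT for c in w):
        raise ValueError(f"not a plain a-z word: {word!r}")
    hands = ["L" if c in LEFT else "R" for c in w]
    return [a != b for a, b in zip(hands, hands[1:])]


def alternation_mode(word, loose_slack=1):
    """'strict' if every keystroke switches hands; 'loose' if at most
    loose_slack same-hand pairs occur (assumed reading of 'occasional');
    None if the word qualifies for neither mode."""
    same_hand = hand_switches(word).count(False)
    if same_hand == 0:
        return "strict"
    if same_hand <= loose_slack:
        return "loose"
    return None


def filter_pool(words, mode):
    """Words usable in the given mode; the loose pool includes the strict words,
    which is why loose gives more candidates to work with."""
    ranks = {"strict": 0, "loose": 1}
    return [w for w in words
            if alternation_mode(w) is not None
            and ranks[alternation_mode(w)] <= ranks[mode]]


# Constructed sample list; a real generator would use a full dictionary.
SAMPLE_WORDS = ["dismal", "clock", "keyboard", "paper", "island", "garden", "social"]

if __name__ == "__main__":
    for w in SAMPLE_WORDS:
        print(f"{w:10s} {alternation_mode(w)}")
    print("strict pool:", filter_pool(SAMPLE_WORDS, "strict"))
    print("loose pool: ", filter_pool(SAMPLE_WORDS, "loose"))
```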
Beyond alternation, you can configure word count, separator, capitalization, numbers and symbols, and word length filters. Complexity options like capitalization and symbols are there because individual preferences vary and because you don’t always get to control the password policy of the site or tool you’re authenticating into. If a system requires a symbol, the tool won’t fight you on it. The tool also exposes a crack time model where you set the hash algorithm and attacker hardware. Everything runs locally in your browser. Nothing leaves your machine.
The Threat Model Is Part of the Design
The crack time estimates Flowstate displays are calculated under a deliberately pessimistic assumption: the attacker knows you used this tool. They have the same word list, they know the structure of the output, and they’re running an optimized attack against it. Security that depends on an attacker not knowing your methodology is weak security. The strength has to come from the combinatorics.
Under those conditions, a six-word passphrase against bcrypt cost 10 and a nation-state attacker with an estimated 10,000 GPUs produces crack times measured in thousands of years. A three-word passphrase against the same model drops to a matter of days, which might be acceptable for a WiFi password and is probably not acceptable for a vault master password or a disk encryption key.
The tool lets you see this directly, and lets you adjust the attacker model to match your actual situation rather than the worst possible one. Not every password needs to survive a nation-state. Some do. Understanding the difference is the point.
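The following is an added example (not Flowstate's crack time model) of the "attacker knows the tool" estimate described above: the search space is the word pool raised to the word count, nothing else, because the attacker already knows the separator and structure. The pool sizes, per-GPU guess rates and GPU count are assumptions for illustration, not measured figures.

```python
# Added example, not Flowstate's code: crack time under the assumption that the
# attacker knows the generator, its word pool and the word count.
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed (constructed) guesses per second per GPU. Real estimates should come
# from benchmarks of the hash and hardware you are modelling.
ASSUMED_RATE_PER_GPU = {
    "bcrypt_cost_10": 5_000.0,
    "sha256": 1e10,
}


def search_space(pool_size, word_count):
    """Number of passphrases the attacker must consider: pool ** words."""
    return pool_size ** word_count


def entropy_bits(pool_size, word_count):
    """Same search space expressed in bits."""
    return word_count * math.log2(pool_size)


def scrambled_bits(charset_size, length):
    """Bits of a random string over charset_size symbols, for comparison."""
    return length * math.log2(charset_size)


def expected_crack_seconds(pool_size, word_count, hash_alg, gpus):
    """Expected time: on average half the space is searched before a hit."""
    rate = ASSUMED_RATE_PER_GPU[hash_alg] * gpus
    return search_space(pool_size, word_count) / rate / 2


def human_duration(seconds):
    for name, size in [("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)]:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    pool, gpus = 8000, 10_000          # assumed strict-mode pool and attacker size
    for words in (3, 4, 6):
        secs = expected_crack_seconds(pool, words, "bcrypt_cost_10", gpus)
        print(f"{words} words: {entropy_bits(pool, words):.1f} bits, "
              f"{human_duration(secs)}")
    print(f"8-char scrambled string: {scrambled_bits(94, 8):.1f} bits")
```

With these assumptions three words fall well short of a random 8-character all-class string while six words exceed it by a wide margin, which is the length-beats-complexity point made above.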
Why We Built This
Across enough engagements, the same gap kept appearing. The credentials that had to be strong and also had to be typed and also had to be remembered were either too short, too predictable, or generated by something that didn’t consider what it actually feels like to type them. Usability is not a soft concern that trades off against security. It’s a security property in its own right, because tools that are annoying to use correctly get used incorrectly.
Flowstate is our answer to a specific, practical problem. If you’re responsible for production authentication systems, or heading into a SOC 2 or HIPAA audit where those controls are going to get scrutinized, that’s where our testing work starts. Reach out if it’s useful to talk through what that looks like.