Tim BrayOct 2, 2024

A poll, aimed in particular at people who think they understand the technologies around password cracking. Assume that there is at least one password that you need to be strong and need to remember & type not-infrequently. How many characters is enough for you to feel comfortable in 2024? Assume any char you can type easily is available.
[May need a follow-up poll if the majority is at >=12]
[Boost if you’re interested in the result]

#infosec

9
3.3%
10
6.2%
11
2.2%
>=12
88.3%
Poll ended at .
Show threadMallory 🏳️‍⚧️
@timbray I’m not particularly an expert at password cracking, but I do have some infosec experience. My password manager’s password is over 40. It’s six random words. Pretty easy to remember and type on keyboard or screen. But I don’t usually type it more than once a day thanks to biometrics.
Oct 2, 2024 at 5:15pmWeb
Show threadMallory 🏳️‍⚧️Oct 2, 2024
@timbray Even the UK government recommends using 3 words as a minimum, which is likely going to be longer than 12 characters: https://www.ncsc.gov.uk/collection/top-tips-for-staying-secure-online/three-random-words
Three random words

Combine three random words to create a password that’s ‘long enough and strong enough’.