Tim BrayOct 2, 2024

A poll, aimed in particular at people who think they understand the technologies around password cracking. Assume that there is at least one password that you need to be strong and need to remember & type not-infrequently. How many characters is enough for you to feel comfortable in 2024? Assume any char you can type easily is available.
[May need a follow-up poll if the majority is at >=12]
[Boost if you’re interested in the result]

#infosec

9
3.3%
10
6.2%
11
2.2%
>=12
88.3%
Poll ended at .
Show threadAndrew BeresfordOct 2, 2024
@timbray I have my password manager set to 32 by default.
Show threadChris Gerhard 
@beezly @timbray I'm continuously shocked by how many sites won't accept 32 char passwords.
Oct 2, 2024 at 5:44pmWeb
Show threadAndrew BeresfordOct 2, 2024
@chrisgerhard @timbray especially as they should be storing something like a PBKDF2 hash where the length of the input has zero relevance to what the application has to store in the backend.