Mastodawn

Tim Bray Oct 2, 2024

A poll, aimed in particular at people who think they understand the technologies around password cracking. Assume that there is at least one password that you need to be strong and need to remember & type not-infrequently. How many characters is enough for you to feel comfortable in 2024? Assume any char you can type easily is available.
[May need a follow-up poll if the majority is at >=12]
[Boost if you’re interested in the result]

#infosec

9

3.3%

10

6.2%

11

2.2%

>=12

88.3%

Poll ended at Oct 3, 2024 at 4:27pm.

Show thread

Jamie McCarthy

@timbray I can’t really answer this without knowing the plausible attack vectors. My answer for a password someone can try to brute force offline, with as much compute as they could throw at it, is very different from a password I can assume the attacker only has rate-limited web attempts at, or one where attempts go through my phone’s secure enclave.