A poll, aimed in particular at people who think they understand the technologies around password cracking. Assume that there is at least one password that you need to be strong and need to remember & type not-infrequently. How many characters is enough for you to feel comfortable in 2024? Assume any char you can type easily is available.
[May need a follow-up poll if the majority is at >=12]
[Boost if you’re interested in the result]

#infosec

9: 3.3%
10: 6.2%
11: 2.2%
>=12: 88.3%
@timbray 6 or 7 diceware words.

@kataclyst @timbray This. As xkcd 936 illustrates, "random" passwords are super hard for humans to use, and made-up passwords tend to be predictable even with substitutions.

More words can always be used to increase strength, and diceware-style phrases are pretty easy to remember if you use them enough.
