(If I hadn't shared them) which would be the best password and why?

A) WinterMoon38
B) Flame!Rider204
C) J7$kP2!mQx9#L
D) Echo-Bicycle-Violet-77&

@protonprivacy I know the best is C but I use method B
@hacknorris in terms of entropy, D is far better than C.

@protonprivacy
C: because it consists of random characters, including lowercase and uppercase letters, numbers, and special characters.

The others may be included in word lists because they appear in dictionaries.

@juergen fyi: https://xkcd.com/936/

The entropy of D is far greater than the entropy of C.

@karl
Okay, that sounds interesting... learned something new again.

@protonprivacy No Unicode non-ASCII character? That's bad.

#teamUnicode #RFC8265

@protonprivacy I'd probably go with C), because it's the least human-readable (mind you, programmatic hacking tools don't care about human readability). D) is longer, and is more memorable (although if you use a password manager, you shouldn't require memorability).

A) is weak because it contains consecutive o's -- which I was always taught was a bad thing -- and has no special characters. B) is probably okay.

Tricky one. I dunno.

What's the correct answer?

@protonprivacy I would pick C but it's D, right? Because of character count? Wouldn't it be best if it were words that were spelled wrong, or not in a dictionary?

@CatsofArrakis @protonprivacy When the words themselves are plentiful enough, have no discernible reason to be used together, and have at least a couple extra characters to poison the dictionary attack, then you're only going to be able to brute force it and at that point entropy is all that matters.

The only thing I'd change would be separating the words with just dashes. I think you could keep the password memorable enough by using something else or varying the separating characters.

@protonprivacy

D) assuming you have a sufficiently large diceware-type dictionary 🤓

@protonprivacy

D, but only as long as that scheme was not mandated and the attacker doesn't know that you're using it.

After that C.

But really, just use a local non-cloud password manager like KeePassXC and generate a 120 character password that just gets filled in on the correct website after clicking on it...

@agowa338
Then cry because the website says passwords have to be between 8 and 16 characters long…
@protonprivacy
@gareth
Not to mention the ones that don't allow you to paste.
@agowa338 @protonprivacy

@MurrayWindripper @gareth @protonprivacy

Devtools and remove the event handler for paste with a single click.

@protonprivacy

C for its complete randomness. Then D because of length, but using the same separator between words is a pattern, and the words being capitalised normally when it should be more random is a flaw.

@protonprivacy
Obviously B, because it's the coolest.

And jokes aside: D, because size matters

@protonprivacy D, answer D. Longest one, easy to remember, hardest to break (case, numbers, special chars)
@protonprivacy D -> more length is mathematically better
@protonprivacy As I stated: that would be my choice, a combination of C) and D) =
Echo-Bicycle-Violet-77&J7$kP2!mQx9#L
@protonprivacy All of them are compromised now, so none of them are safe.
@jarm It says if I hadn't shared them at the start of the post bestie.
@protonprivacy Joke aside, I'll use C for websites (generated with password manager) and D for my password manager
@jarm @protonprivacy The post literally starts with "If I hadn’t shared them" 🤦

@protonprivacy D I guess? Length 🤔

Below are screenshots of the test results

https://bitwarden.com/password-strength/

#password #PasswordStrength

@nemo @protonprivacy Wow, I would have thought C was unbreakable too
@Simx72 @nemo @protonprivacy there are no unbreakable passwords. There are just passwords that take more time to break than the access is worth. And when the new wave of quantum computing gets going, we may have the ability to break the most complex passwords in minutes instead of months. This is why two-factor authentication and large, complex passkeys that are cryptographically complex have become normal.
@wpeckham @nemo @protonprivacy how could quantum computing break a password faster??
The Quantum Apocalypse: All Your Secrets Revealed (YouTube)
@protonprivacy e) use a passkey!
Otherwise D - there are more possible word combos than letter combos

@ketumbra @protonprivacy

f) realize passkeys are really non-standard and all over the place implementation-wise, used differently on various websites, handled completely differently depending on what OS or OS family you are on, and backing them up or replacing them when a device you accidentally (or were forced to) use is lost is a nightmare, and then simply cry and use D)
/s :)

@JeGr @protonprivacy I just save them in #protonpass - works everywhere.
Still need a bootstrap solution to get into proton in case I ever lose all my devices together though...
@ketumbra @protonprivacy yeah there is one kind that goes with Proton. Others won't. Others want your device to be the key. Others are nightmarish to back up or won't let you save them where they could be "shared". That thing is a nightmare waiting to happen. Hell no. I already had two incidents as supporting role to help with. It would've been WORLDS easier to just have a PW manager & solid MFA in place. That's not a solution to a problem, but a landmine waiting to go boom at the worst second
@JeGr @protonprivacy device bound keys sound secure but the backup problem is real if you're not part of a large org with multiple admins.
@protonprivacy Password D. Because it's the longest and easiest to remember.
@protonprivacy D, longer, uses combination from a massive dictionary, the English one, and has alphanumeric. Can be remembered even by a human, is less secure than C, but C is a useless password without a tool to remember it (i.e. an extra attack surface).
@splinux @protonprivacy I don't think D is less secure than C. D is longer so harder to break... Isn't it?

@ginkgotrees @protonprivacy Yeah I know mathematically more length makes for more entropy. But if I add 50 zeroes I am not making it more secure, so putting words from a dictionary should reduce entropy. Because I can count how many bytes are "truly" random, I say C has more entropy than D.

There's no relationship among its components, while the other is 90% made up of relations. One just needs to figure out an attack on that relationship. It's more secure because I don't know the attack.

@protonprivacy Considering that nowadays everyone uses a decent password manager, definitely C.

@protonprivacy

There is no best answer. C looks as if it has the highest entropy, but it's also the most likely to be written on a note taped to the underside of the keyboard.

@CppGuy @protonprivacy You mean there are people who don't use a password manager? They're wrong.
I'll just answer with this xkcd
https://xkcd.com/936/

@protonprivacy

A mix of C and D would be best, because it combines high complexity (random characters) with greater length, making it more resistant to brute-force and dictionary attacks.

@protonprivacy
This
E) Echo-Bicycle Violet 77&
@protonprivacy the best password will always be password1234

@protonprivacy D by me. Easier to remember, long, uses special characters, lowercase/uppercase & numbers.

Although, using a password manager (self-hosted) and having passwords consisting of at least 40 characters would be better, or a passkey (not synced)

@protonprivacy Option D. Passwords should be long but easy to remember and type.

@protonprivacy
Depends on the purpose.

J7$kP2!mQx9#L is best for password managers because it's long, random, and has multiple special characters. It is difficult for a human to memorize, though, which is why it's best to use a password manager, like ProtonPass, to remember it.

Echo-Bicycle-Violet-77& is best as a master password, although technically slightly weaker than the other, but a human can remember it and can type it in when necessary. It's good though because it has special characters too, is long, and has upper- and lowercase letters and numbers.

@protonprivacy Secret answer E) this entire toot
@protonprivacy C, the rest include dictionary words? (Assuming best means strongest)

@eibhinn

Dictionary words aren't a problem unless you only have one.

Crunching a random string of characters is only as strong as the string is long, so 13 characters like in C is not great.

@protonprivacy
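The entropy arguments in this thread (D is "far better" than C, C has "more truly random bytes", a 13-character random string is "only as strong as it is long") all depend on what the attacker is assumed to know about how the password was made. The script below works the numbers out for both candidates under each model. It is an added example, not code posted by anyone in the thread; the pool sizes (94 printable ASCII characters, a 7776-word diceware-style list, an assumed 100,000-word dictionary, an assumed 1e10 guesses/s against a fast unsalted hash) are assumptions chosen to illustrate the argument, not measurements of any real cracking setup.

```python
import math

# Added example for this thread, not anyone's posted code. The pool sizes are
# assumptions chosen to illustrate the argument; change them to match your own
# generator and your own threat model.
PRINTABLE_ASCII = 94            # printable ASCII, 0x21..0x7E (no space)
DIGITS = 10
SYMBOLS = 32                    # ASCII punctuation characters
EFF_LONG_LIST = 7776            # 6**5, size of a diceware-style word list
LARGE_DICTIONARY = 100_000      # assumed size of a big English word list
SECONDS_PER_YEAR = 365.25 * 24 * 3600

PASSWORD_C = "J7$kP2!mQx9#L"            # 13 characters
PASSWORD_D = "Echo-Bicycle-Violet-77&"  # 23 characters


def uniform_bits(count, pool_size):
    """Bits of entropy in `count` independent uniform draws from `pool_size` options."""
    if count == 0:
        return 0.0
    return count * math.log2(pool_size)


def random_string_bits(password, alphabet_size=PRINTABLE_ASCII):
    """Entropy if every character was drawn uniformly from the alphabet.

    This is the right model for C (a generator output). Applied to D it is a
    naive upper bound: it pretends the attacker does not know D is made of words.
    """
    return uniform_bits(len(password), alphabet_size)


def passphrase_bits(n_words, wordlist_size, n_digits=0, n_symbols=0):
    """Entropy of a generated passphrase when the attacker knows the recipe:
    n_words from a known list, plus appended digits and symbols. Separators
    and capitalisation are fixed by the scheme, so they add nothing."""
    return (uniform_bits(n_words, wordlist_size)
            + uniform_bits(n_digits, DIGITS)
            + uniform_bits(n_symbols, SYMBOLS))


def expected_crack_seconds(bits, guesses_per_second):
    """Expected time to find the password: on average half the space is searched."""
    return (2.0 ** bits / 2.0) / guesses_per_second


def compare(guesses_per_second=1e10):
    """Entropy estimates for C and D under different attacker models, plus the
    expected crack time at a given guess rate. 1e10/s is an assumed GPU rate
    against a fast unsalted hash; a slow KDF such as Argon2 or bcrypt would be
    several orders of magnitude lower, which is where a 50-bit secret survives."""
    estimates = {
        # C: 13 characters, each from 94 printable ASCII characters
        "C_random_chars": random_string_bits(PASSWORD_C),
        # D read as 23 random characters: the number behind "length wins"
        "D_naive_chars": random_string_bits(PASSWORD_D),
        # D as 3 diceware words + 2 digits + 1 symbol, recipe known to the attacker
        "D_known_recipe_small_list": passphrase_bits(3, EFF_LONG_LIST, 2, 1),
        # Same recipe, but words drawn from a much larger dictionary
        "D_known_recipe_large_list": passphrase_bits(3, LARGE_DICTIONARY, 2, 1),
    }
    return {
        name: {
            "bits": bits,
            "crack_years": expected_crack_seconds(bits, guesses_per_second) / SECONDS_PER_YEAR,
        }
        for name, bits in estimates.items()
    }


if __name__ == "__main__":
    for name, row in compare().items():
        print(f"{name:28s} {row['bits']:6.1f} bits  ~{row['crack_years']:.3g} years")
```

Run as written, it puts C at about 85 bits, D at about 151 bits if you count characters blindly, but only about 50 bits (three words from a 7776-word list) or about 61 bits (a 100,000-word list) once the attacker knows D is "three words, two digits, one symbol". Which of those numbers is the honest one is exactly the disagreement in the thread: the generator-based figure is the one to trust for your own passwords, because the attacker gets to assume the scheme. Strength meters such as the linked Bitwarden page use pattern matching (zxcvbn-style) rather than a single character-count formula, so their output sits between the naive and the known-recipe estimates depending on which words they recognise.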

@androcat @protonprivacy Today I Learned. Thank you.