Some Passwords Should Be Exceptional
When you’re using a password manager, they usually come with a tool to generate passwords as well. Mostly, they either generate a series random characters, or a longer series of random real words. Both are secure enough to be effectively uncrackable, given the right parameters.
For my own passwords, I mostly have been using a wordlist to generate passwords. They’re plenty long- ending up being over 60, sometimes 80 or more characters, and beyond 128 bits of entropy- Perfectly acceptable. Slap 2FA on top of that, and you’re golden.
They’re passwords that are by all means secure, uncrackable, and unguessable- but it was deemed no good, because there wasn’t a number.
It makes me think that just as there are heuristics for password minimums, there ought to be heuristics for password maximums– Exceptions to the baseline password rules once some certain thresholds are exceeded.Over 60, 75 characters? Allow an exception.Over 128, 256 bits of entropy? Allow an exception.
Hi, if you’ve read this far, my cat, Rosie, is in need of help, and I am financially at the ends of my means doing so. Please donate to help her! The story of Rosie is both on her fundraiser page as well as on the GoFundMe page itself. All donors who publicly share their names are enshrined on Rosie’s webpage, too.
/cdn.vox-cdn.com/uploads/chorus_asset/file/23951293/STK087_VRG_Illo_N_Barclay_7_bitcoin.jpg)
