featherverse | 8 years ago

"How Long is Long Enough?" is an incorrect way to think about password security. In 2018, 64 characters is a completely reasonable minimum standard. Nobody should be remembering their passwords anymore, so why does it matter how long it is? 128 characters is reasonable. 256 characters is reasonable. 1,024 characters is reasonable. It's all handled by the password manager and typed in for you.

Allowing shorter passwords has the effect of throwing foolish people under the bus for the benefit of increased entropy.

I would have posted this on Troy Hunt's blog but he banned me for disagreeing with him in the past. Because he's an entertainer in a technology show business and not the amazing genius expert that people seem to think he is.
