top | item 43794868

smeg_it | 10 months ago

I'm no expert, but I did take a CISSP course a while ago. One thing I actually remember ;P, is that it recommended long passwords in lieu of the number, special character, upper, lower ... I don't remember the exact wording of course and maybe it did recommend some of that, but it talked about having a sentence rather than all that mess in 6-8 characters, but many sites still want the short mess that I never will actually remember

vlovich123 | 10 months ago

While the password recommendation stuff is changing (the US government updating its guidelines last year), it’s generally best practice to not share passwords, which itself implies using a password manager anyway, which makes the whole “long passphrase” vs “complex” password moot - just generate 32 lowercase random characters to make it easier to type or use the autogenerated password your password manager recommends.

The long passphrase is more for the key that unlocks your password manager rather than the random passwords you use day to day.

kbolino | 10 months ago

There's also login passwords, and depending on how many systems you have to log into, these can be quite numerous. There are some attempts to address this with smartcards and FIDO tokens and so on, but it's not nearly universal yet. At least SSH keys are common for remote login nowadays, but you still need to log into some computer directly first.

smeg_it | 10 months ago

I guess I'm weird, I use my browser, yet I haven't wanted to store that in the cloud, so it doesn't sync to my phone. Let me know if that paranoia isn't justified. For me, if it becomes more universal, something like a YubiKey that I can keep on my key-chain might work.

mcoliver | 10 months ago

Entropy is stronger than complexity. https://xkcd.com/936/
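An added example, not posted by any commenter in this thread, that puts numbers on the two points above (vlovich123's "32 lowercase random characters" and mcoliver's "entropy is stronger than complexity"). It generates both kinds of secret with the OS CSPRNG and compares the entropy of an 8-character "complex" password, a 32-character lowercase one, and diceware-style passphrases. The eight-word list is constructed here as a stand-in for a real diceware list; 7776 (6^5) is the size of a standard diceware list. All figures assume every symbol or word is chosen uniformly at random, which is exactly what human-chosen passwords are not.

```python
import math
import secrets
import string

# Constructed stand-in for a real diceware wordlist (which has 7776 entries).
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "orbit", "velvet", "canyon", "lantern"]
DICEWARE_LIST_SIZE = 7776  # 6^5: five dice rolls index one word


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of `length` symbols drawn uniformly from `alphabet_size`.

    Only valid for uniform random choice (e.g. a password manager's generator);
    a human-chosen pattern like 'Tr0ub4dor&3' has far fewer effective bits.
    """
    return length * math.log2(alphabet_size)


def random_password(length: int = 32, alphabet: str = string.ascii_lowercase) -> str:
    """Uniform random password; `secrets` uses the OS CSPRNG, never `random`."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(n_words: int, wordlist=SAMPLE_WORDS, sep: str = " ") -> str:
    """Diceware-style passphrase: n words chosen uniformly (with replacement)."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def compare_schemes() -> dict:
    """Entropy of the schemes discussed in the thread, in bits."""
    printable = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
    return {
        "8 chars, full printable set": entropy_bits(len(printable), 8),
        "32 chars, lowercase only": entropy_bits(len(string.ascii_lowercase), 32),
        "4 diceware words": entropy_bits(DICEWARE_LIST_SIZE, 4),
        "6 diceware words": entropy_bits(DICEWARE_LIST_SIZE, 6),
    }


if __name__ == "__main__":
    print("generated password:  ", random_password())
    print("generated passphrase:", random_passphrase(4))
    for scheme, bits in compare_schemes().items():
        print(f"{scheme:30s} {bits:6.1f} bits")
```

The takeaway matches both comments: 32 random lowercase letters (about 150 bits) dwarf an 8-character mixed-case-plus-symbols password (about 52 bits), and four uniformly chosen diceware words land in the same range as that 8-character password while being far easier to remember, which is why the passphrase is the right tool for the one secret you must memorise (the manager's master key) and generated strings are right for everything else.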

joseda-hg | 10 months ago

I wonder how many people have used Correct Horse Battery Staple as a password thanks to this comic