correct horse battery staple
How did you steal my password??
Witchcraft! Get them!
Interesting to see the linked list of the top 100,000 passwords from the Have I Been Pwned data set
For passwords i have to remember i use passphrases.
But for stored passwords? i like 35 characters. Most services accept it and doesn’t seem to have a con.
And then there are those services that let you enter arbitrarily long passwords in the registration form but only save something like 16 characters.
I hate this situation. What horrible design choices in their code!
I know about them but I haven’t experienced it yet. Hope I never will though.
How would you know?
You wouldn’t. You’d have to find out yourself after not being able to log in despite you being 100% sure that your password is correct :/
No, that’s the point, you’d never know whether they only validate a subset of the password. Only by testing different variations you would know that less than the whole string still works.
It’s a common enough to safely assume i’d guess. I’ve heard many users complain about it despite not me experiencing it myself. They probably didn’t try every single variation of the password but maybe it’s an infamous bug for many services?
I wouldn’t speculate on how common it is but limiting passwords seems to happen more than it should. So maybe many are taking the stealth approach.
One site I know where this happens (at least I experienced it some years ago) was Blizzard. Found out by sheer luck after I clearly fumbled the end of my password and was logged in regardless.
Amen
People gotta stop doing QkFEcEEkJFcwUkQ=
aQuickBrownFoxJumpedOverALazyDog$nuggle9 is far easier to remember and secure.
The article is from Bitwarden, which is a password manager - using them you don’t need to remember individual passwords (or type them, normally).
Bitwarden does have an option to use passphrases, I just tried it and it gave me washtub-moocher-dominoes.
I use auto generated passphrases. It’s mostly for the occasions where I need to give the password to someone, without logging into my bitwarden account, on the device. It’s a lot easier, for comparable levels of security.
aQuickBrownFoxJumpedOverALazyDog$nuggle9 is far easier to remember and secure.
Not really, you have a better chance if you use a completely random set of words. I remember hearing of someone getting their bitcoin stolen from their wallet despite their password being from an obscure Afrikaans poem.
Diceware’s a really good tool for this. https://www.eff.org/dice. There are also websites to generate one for you instead of rolling actual dice.
But it’s only good for passphrases. You’re better off generating a complex password since you can store it in bitwarden.
Not really, you have a better chance if you use a completely random set of words. I remember hearing of someone getting their bitcoin stolen from their wallet despite their password being from an obscure Afrikaans poem.
Precisely why I salted it.
I have to look into password salting. I don’t use it but it’s interesting. Do you use a unique salt for each password or the same one for all?
Always something a bit unique, can’t make it predictable if someone managed to dump a list of em. This also isn’t the formula I used just an example. Random words is also better if your memory is decent, they can even be your salt.
I switched to using word phrases after having to type in these Qjdu37hYdu4sjdh&) |] >[vry monstrosities or communicate them to someone else one too many times.
I’m more of a SphinxOfBlackQuartz,JudgeMyVow:3 kinda guy
