this post was submitted on 03 Nov 2023
301 points (87.2% liked)

Technology

59666 readers
3080 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Salamendacious@lemmy.world 2 points 1 year ago (4 children)

What's do you think is a good length? I think it has to be at least 10 but over 15 is much better.

[–] Something_Complex@lemmy.world 13 points 1 year ago (4 children)

Idk exactly how accurate this is but seems valid

[–] atkion@sh.itjust.works 9 points 1 year ago (1 children)

The colors on that are kinda confusing. 6tn years is yellow, but 2k years is green?

[–] SnipingNinja@slrpnk.net 4 points 1 year ago

It seems like the designer didn't notice the error

[–] dbilitated@aussie.zone 3 points 1 year ago (1 children)

I wonder if this assumes the cracker knows how long etc the password is when they start cracking.

I always make my passwords "a" because I figure they'll start cracking attempts at 5 characters 😁

[–] fosstulate@iusearchlinux.fyi 2 points 1 year ago

In EVE Online that's called 'getting underneath the guns'. 🎓

[–] echodot@feddit.uk 1 points 1 year ago* (last edited 1 year ago) (1 children)

Why is 1,000 years yellow in that graph?

If a password can't be broke in 1,000 years it is utterly unbreakable in any effective sense of the term. No one's going to run the program for a thousand years because even if they did it wouldn't be relevant at the end of the process.

Hell even 51 years is pushing it.

[–] The_Vampire@lemmy.world 4 points 1 year ago

Well, the rate passwords can be tested at now may not always be the rate passwords can be tested at later. Computers were, at one point, growing exponentially faster in terms of processing power. There are still several emerging technologies out there that could cause significant speed-ups.

It's certainly better to future-proof your passwords.

[–] 314xel@lemmy.world 7 points 1 year ago

It depends on how the password is stored / KDF used (what type of hash, salting, bcrypt, etc).

Judge for yourself if it's an old website or old piece of software that might use (god forbid) MD5. Since one would not normally know that, I'd go with 20 (good, cryptographically) randomly generated upper/lower/digits if using a password manager, or 40ish characters passphrase if you need to remember and/or easily type it. Add some punctuation / special chars (spaces, commas, dots, paranthesis, etc) if it's an important masterkey (ie password manager key, encrypted container, etc) and you have decent typing skills.

Some shitty sites / routers don't accept certain special characters hence go with upper/lower/digits as standard but use longer lengths (if the shitty site allows you and doesn't limit that too). Limits to what a password should contain and/or length limits would be a sign of lazy programming and poor password management, so treat them as unsecure from the get-go (yes, even big names like Oracle have piss-poor security or lazy implementation). Good programming nowdays shouldn't have those limits, as user input sanitization / injection protection exists, and hash functions have a fixed length no matter what the input length is.

Also very important, don't reuse passwords for online accounts. Hence a password manager remembering them for you. There are still websites storing passwords in plain text. You wouldn't want your local pizza hut know or leak your email password by being hacked.

[–] PlexSheep@feddit.de 2 points 1 year ago (1 children)

Rookie numbers. Max out the character limit.

Seriously tho: go for at least 80 bit randomized characters. If it's something you have to type, use a couple of random words. Longer passwords are exponentially more secure.

[–] Salamendacious@lemmy.world 1 points 1 year ago

All I can picture in my head is Matthew mcconaughey telling Leonardo DiCaprio he needs to masturbate more