• save_vs_death [they/them]@hexbear.net
    1 year ago

    Passwords are outdated in the sense that the current best practice is to use a password manager that automatically generates a unique high-entropy password (read: completely garbled mess no human would ever remember) for every website or service you use. Most of the replacements for them, however, are less secure garbage that can easily be obtained either through social engineering or by the authorities, so you know.

    • envis10n [he/him]@hexbear.net
      1 year ago

      Even then, you’re better off with a passphrase as they are longer, easier to remember, and are harder to brute force. It’s like a dictionary resistant password.

      • Clicheguevara [he/him]@hexbear.net
        1 year ago

        The absolute best practice is to add random spaces that don’t correspond to syllables. A 10-character password can go from taking a few seconds to crack to several hundred years with a few well-placed spaces.

        That said, there are databases out there that don’t like spaces, and for some reason lots of financial institutions are this way.

      • YearOfTheCommieDesktop [they/them]@hexbear.net
        1 year ago

        Depending on what you mean by passphrase, “dictionary resistant” is kind of the opposite of how I’d describe them. Sure, they’ll be long and unique, but an English-language dictionary will surely make brute-forcing them a lot easier.

        • Frank [he/him, he/him]@hexbear.net
          1 year ago

          From what I understand it doesn’t help at all. I’m not a crypto (cool crypto, not fake banking) guy, but from what I know passphrases generate much entropy. That said, I stick with passwords that are easier to enter, but still pretty high entropy.