• falsemirror@beehaw.org
    link
    fedilink
    arrow-up
    12
    ·
    11 months ago

    Many PW managers let you generate passphrases, which are all around better than random strings. Length is the most important factor so

    finance-caffeine-utopia-redress-unseen

    Is way stronger and easier to remember (and type) than

    Fl7$j4FWw)&5O

    • Myaa@beehaw.org
      link
      fedilink
      arrow-up
      3
      ·
      11 months ago

      Huh, TIL. I had no idea that was an option but that’s super useful for things I need to type in on a device with no keyboard, or even things I can’t access my password manager for. Thanks for the protip there!

    • Murkhat@feddit.de
      link
      fedilink
      arrow-up
      2
      ·
      11 months ago

      Is it really safer? I mean when trying to bruteforce a password, one would have to make a guess whether it’s a passphrase or not. But if you decided to check for pass phrases, wouldn’t the one you posted be cracked in 5 times the amount of words in that dictionary? I’m not sure how large the vocabularies of the generators are, but I would guess a random 17 char password might be safer than a 5 phrases password?

      • Scary le Poo@beehaw.org
        link
        fedilink
        arrow-up
        5
        ·
        11 months ago

        but I would guess a random 17 char password might be safer than a 5 phrases password

        And you would be very wrong about that. A 5 phrase password has entropy. “finance-caffeine-utopia-redress-unseen” is 28 characters. If you add in a different symbol between the words and add a number somewhere, this password becomes incredibly difficult to brute force.

        I’ll let xkcd explain it better.

        • Murkhat@feddit.de
          link
          fedilink
          arrow-up
          1
          ·
          11 months ago

          Youre right,different separators, numbers and even capital letters change my theory alot

    • esaru@beehaw.org
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      11 months ago

      And pass phrases are faster to type and with less typos even though they need more characters than passwords to be the same secure.