• einkorn@feddit.org · ↑6 · 1 month ago

      And then there are those services that let you enter arbitrarily long passwords in the registration form but only save something like 16 characters.

            • amorpheus@lemmy.world · ↑2 · edited 30 days ago

              No, that’s the point, you’d never know whether they only validate a subset of the password. Only by testing different variations would you know that less than the whole string still works.

                • amorpheus@lemmy.world · ↑2 · 30 days ago

                  I wouldn’t speculate on how common it is, but limiting passwords seems to happen more than it should. So maybe many are taking the stealth approach.

                  One site I know where this happens (at least I experienced it some years ago) was Blizzard. Found out by sheer luck after I clearly fumbled the end of my password and was logged in regardless.
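
The silent truncation described in the comments above, shown next to a corrected form, with a check a service owner can run against their own login code. This is an added example, not part of the thread and not any named service's code; the class names, the 128-character limit and the PBKDF2 settings are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

STORED_CHARS = 16   # constructed limit, taken from the "16 characters" in the thread
MAX_ACCEPTED = 128  # hypothetical explicit limit for the corrected version

def _kdf(password: str, salt: bytes) -> bytes:
    # Iteration count lowered so the demo runs quickly; tune it for real use.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 10_000)

class TruncatingStore:
    """Weak: accepts any length, silently hashes only the first STORED_CHARS."""
    def __init__(self):
        self._users = {}

    def _normalize(self, password: str) -> str:
        return password[:STORED_CHARS]

    def register(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[user] = (salt, _kdf(self._normalize(password), salt))

    def login(self, user: str, password: str) -> bool:
        salt, stored = self._users[user]
        try:
            candidate = _kdf(self._normalize(password), salt)
        except ValueError:
            return False
        return hmac.compare_digest(stored, candidate)

class FullLengthStore(TruncatingStore):
    """Corrected: hashes every character and rejects over-long input loudly."""
    def _normalize(self, password: str) -> str:
        if len(password) > MAX_ACCEPTED:
            raise ValueError(f"password longer than {MAX_ACCEPTED} characters")
        return password

def checked_prefix_length(store, probe_len: int = 64):
    """Return how many leading characters decide a login, or None if all do."""
    password = "".join(chr(ord("a") + i % 26) for i in range(probe_len))
    store.register("probe", password)
    for keep in range(1, probe_len):
        # Keep the first `keep` characters and change every character after them.
        altered = password[:keep] + "#" * (probe_len - keep)
        if store.login("probe", altered):
            return keep
    return None
```

Run as a regression test, `checked_prefix_length` reports 16 for the truncating store and `None` for the corrected one.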

  • Toes♀@ani.social · ↑10 ↓4 · 1 month ago

    People gotta stop doing QkFEcEEkJFcwUkQ=

    aQuickBrownFoxJumpedOverALazyDog$nuggle9 is far easier to remember and secure.

    • Deebster@infosec.pub · ↑13 · 1 month ago

      The article is from Bitwarden, which is a password manager - using them you don’t need to remember individual passwords (or type them, normally).

      Bitwarden does have an option to use passphrases, I just tried it and it gave me washtub-moocher-dominoes.

      • cynar@lemmy.world · ↑2 · 1 month ago

        I use auto-generated passphrases. It’s mostly for the occasions where I need to give the password to someone without logging into my Bitwarden account on the device. It’s a lot easier, for comparable levels of security.

      • Toes♀@ani.social · ↑4 · 1 month ago

        Not really, you have a better chance if you use a completely random set of words. I remember hearing of someone getting their bitcoin stolen from their wallet despite their password being from an obscure Afrikaans poem.

        Precisely why I salted it.

          • Toes♀@ani.social · ↑2 · 1 month ago

            Always something a bit unique, can’t make it predictable if someone managed to dump a list of ’em. This also isn’t the formula I used, just an example. Random words are also better if your memory is decent, they can even be your salt.

    • criitz@reddthat.com · ↑2 · edited 1 month ago

      I switched to using word phrases after having to type in these Qjdu37hYdu4sjdh&) |] >[vry monstrosities or communicate them to someone else one too many times.

  • Tempo [he/him]@hexbear.net · ↑5 · 1 month ago

    if you have to ask, not enough. i once had a bank whose system didn’t accept any password longer than 10 characters, and that was only after i called them up and asked why i couldn’t log in