What have you learned about passwords and password security that you wish everyone knew?
@bitwarden I can make my password length 9999 chars long but if the folks looking after the servers don't do a good job, my account can still get pwned!
@bitwarden@fosstodon.org Those services that can reset your password later just because "your password doesn't meet the complexity requirements" store your password in cleartext. How else will they know you don't have a special character in your password???
@bitwarden Correct Horse Battery Staple.
@bitwarden Remembering and thinking of new passwords is a stress generator. A password manager gets rid of all that and frees brain capacity.
@bitwarden but apparently not enough to write comprehensive sentences
@bitwarden Passphrase managers have been targeted by hackers since at least the 1990s. Use them at your own peril.
Better yet: only use them when being paid to use them to collaborate in group environments with shared credentials. Do your best to avoid them in all other circumstances.
Look into OpenSSH's support for S/KEY, one-time pads have been used in secure comms for many decades for good reasons.
If a passphrase manager is for profit? Don't just avoid, stop trusting people who recommend.