6d ago

How long should a password be?

bitwarden.com How long should a password be? | Bitwarden

Ever wondered how long your passwords should be for strong security? Experts recommend a random mix of at least 14 to 16 characters for every unique password.

27 comments

MASSIVE

correct horse battery staple
- How did you steal my password??
  
  Witchcraft! Get them!

People gotta stop doing QkFEcEEkJFcwUkQ=
aQuickBrownFoxJumpedOverALazyDog$nuggle9 is far easier to remember and secure.
- The article is from Bitwarden, which is a password manager - using them you don't need to remember individual passwords (or type them, normally).
  Bitwarden does have an option to use passphrases, I just tried it and it gave me washtub-moocher-dominoes.
  
  I use auto generated passphrases. It's mostly for the occasions where I need to give the password to someone, without logging into my bitwarden account, on the device. It's a lot easier, for comparable levels of security.
- aQuickBrownFoxJumpedOverALazyDog$nuggle9 is far easier to remember and secure.
  Not really, you have a better chance if you use a completely random set of words. I remember hearing of someone getting their bitcoin stolen from their wallet despite their password being from an obscure Afrikaans poem.
  Diceware's a really good tool for this. https://www.eff.org/dice. There are also websites to generate one for you instead of rolling actual dice.
  But it's only good for passphrases. You're better off generating a complex password since you can store it in bitwarden.
  
  Not really, you have a better chance if you use a completely random set of words. I remember hearing of someone getting their bitcoin stolen from their wallet despite their password being from an obscure Afrikaans poem.
  Precisely why I salted it.
- I'm more of a SphinxOfBlackQuartz,JudgeMyVow:3 kinda guy
- I switched to using word phrases after having to type in these Qjdu37hYdu4sjdh&) |] >[vry monstrosities or communicate them to someone else one too many times.

For passwords i have to remember i use passphrases.
But for stored passwords? i like 35 characters. Most services accept it and doesn't seem to have a con.
- And then there are those services that let you enter arbitrarily long passwords in the registration form but only save something like 16 characters.
  
  I hate this situation. What horrible design choices in their code!
  
  I know about them but I haven't experienced it yet. Hope I never will though.

if you have to ask, not enough. i once had a bank whose system didn't accept any password longer than 10 characters, and that was only after i called them up and asked why i couldn't log in

Interesting to see the linked list of the top 100,000 passwords from the Have I Been Pwned data set

27 comments