Do you know how long your password should be? A strong password should be able to withstand a supercomputer guessing a few hundred billion combinations per second.

The vast majority of people don't know what entropy is or how to calculate it. The article offers a simple, practical set of guidelines.

@protonmail 36 characters. Usually 'cause the sites won't let me use more. If they do, I go all out. And try and use 1024 or more characters.

@typicalnightowl @protonmail I usually do 4-8 words of diceware from a list of 1,000ish words.

So 40 to 80 bits, I guess?

@CharredStencil @protonmail
So, a passphrase of sorts? 🤔

Is that more secure than "random" numbers, letters (some non-English ones too) and Asian language character sets?

Or about the same?

@typicalnightowl @protonmail Whatever you do, make sure a computer comes up with it. Humans are terrible sources of entropy.

I prefer diceware because it's simpler to type, resists errors if handwritten, and you can say it over the phone (for security questions), unlike a Base64 password where an attacker can say "I just put gibberish".

@CharredStencil @protonmail
Hmm, perhaps I'll use that from now on.

My passwords are usually impossible for the average person to remember or even read let alone type. 😂

I like to have entropy levels of 600+ with my passwords.

I'ma see if I can get that with diceware (=^m^=)

@typicalnightowl @protonmail With the 1,024 most common English words, you'd need 60 words to hit 600 bits of entropy. (you just divide by 10 since 1,024 is 2 to the 10th power)

I assume you're copy-pasting anyway, so have at it

@protonmail I normally use Diceware passwords that can sustain 1 trillion guesses per second for a comfortable amount of time.
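The arithmetic used in the replies above (bits per word, words needed for a target, and how long a passphrase holds up at a given guess rate), as an added example that is not code from any participant in the thread. The placeholder `WORDLIST`, the function names, and the "attacker searches half the keyspace on average" model are assumptions; substitute a real 1,024-word list.

```python
import math
import secrets

# Constructed placeholder list of 1,024 unique entries; swap in a real word list.
WORDLIST = [f"word{i:04d}" for i in range(1024)]
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(num_words: int, list_size: int) -> float:
    """Entropy of a passphrase whose words are drawn uniformly at random."""
    return num_words * math.log2(list_size)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest word count that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


def average_crack_years(bits: float, guesses_per_second: float) -> float:
    """Expected years to guess the secret, assuming half the keyspace is searched."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def generate_passphrase(wordlist, num_words: int, sep: str = " ") -> str:
    """Pick words with the OS CSPRNG; the entropy figure only holds for unique entries."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("word list contains duplicates; entropy would be overstated")
    if num_words < 1:
        raise ValueError("num_words must be at least 1")
    return sep.join(secrets.choice(wordlist) for _ in range(num_words))


if __name__ == "__main__":
    size = len(WORDLIST)
    for n in (4, 6, 8):
        bits = entropy_bits(n, size)
        years = average_crack_years(bits, 1e12)  # 1 trillion guesses per second
        print(f"{n} words: {bits:.0f} bits, ~{years:.3g} years on average")
    print("words for 600 bits:", words_needed(600, size))
    print("sample:", generate_passphrase(WORDLIST, 6))
```
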
