P@sswords

What's the optimal password length?

Attached: KeepAss.png (1200x1200, 120K)

420

it doesnt really fucking matter, as long as your passwords isnt fucking "kittens"

infinity - 1

If you don't have to type the password your self, as long as the site allows or your password generator can do.
If you have to type it manually, 7 words passphrase is more than enough even the attacker knows you use passphrase.

4 phrases maybe mix them with multiple language

At least 32 characters

great now i have to change it, thanks a lot blabbermouth

strlen("correct horse battery staple")

For anything that can't be brute forced (e.g. almost all web logins), even 32 bits of entropy should be enough, with 48+ for paranoid tier.
For stuff that can be bruteforced, depends on how easy it is to do so: stuff that uses slow password hashes like bcrypt, argon2, pbkdf2, etc., you can afford to have ~64 bits or so, otherwise 128+ to be safe. If it's an important password (e.g. your password manager's passphrase), err on the safe side.

cementhouseflatterystable?

According to the new guidance, usability and security go hand-in-hand. In short, the new NIST guidance recommends the following for passwords: An eight character minimum and 64 character maximum length.

Anything you don't have to remember (manager) can be say, 64chars. Your VeraCrypt pw should be long, but rememberable - mine's over 50 chars.

Depends on hashing used. Sha1024 is stronger than sha256 even if your password is the same

>Sha1024
??

Also,
>using plain data hashing algorithms for passwords
Learn to use actual password hashing algorithms, i.e. Argon2 or, if it's not available, pbkdf2/scrypt/bcrypt.

the longest the site accepts

20 digit string of random numbers
otherwise your account isn't safe

Attached: ratmann.jpg (740x582, 567K)

I use 40 chars, or the max length the website allows.

8srsuhYXV9fom_WjRSWTp.NNnYMZ42
_uKFKU.Svn8z.W7Pu4pKjG8P8xbuR+
9Vn@w*9cd7wY8dJw8mKRVzhfBydBjP
4V8gvJ-@8tUFKS8u-gWS4gJt6FPgfd
.amrvtA-FrapvsWMBMFi.QYNsSvhh6
[email protected]*nFSbG
WoyuKQN2JKsKb+NQ_RxWJvXzkJCuSo
@oVwMta+PbSwyRHm.Ywid.ir9hZYgG
SedQ4NbLoR..wXxQwmW-HqhEk6nA35
hya92FR88nhGy_LnXwphsQ7vNVft@x

I try to use this variation most of the time but of course %50 of the sites don't accept 30 characters.

But the password manager passphrase is the one that has to be easy to remember, otherwise I just need a password manager to keep the password manager password.

It's just one strong passphrase you have to remember, though. Remembering it lets you have a different strong passphrase on every other service without taxing your memory.

>not using correcthorsebatterystaple.net

>yfw you have to type that by hand
I stopped using these in favour of passphrases a while ago.

Attached: 1551152481763.gif (267x200, 1013K)

>What's the optimal password length?
About 6 inches. But it’s not the length that matters, it’s what you do with it.

The optimal password length is 0, because you replaced it with your private key.

666

They still can get compromised. Albeit harder. I wish everyone permitted usage of private keys though.

My master phrase for keepass db is 13 words separated with spaces, so that comes out to 75 character length for my master password, then each password for each service is 24 characters, randomly generated by keepass.

13 words is overkill. 8 should me unhackable.

hahahahaha

An encrypted notepad file.

fpbp

I like 20. It's above all minimum requirements that I've seen, while still being lower than most of the maximum requirements that I've seen. I've only seen like 3 sites that don't support 20 character passwords, and those are lel tier anyway.