7

You need to start using password managers and 2FA

Submitted by twovests in just_post

  1. Computation power is still exponentially increasing per Moore's law, AND
  2. We're learning to hash passwords faster for given computational power, AND
  3. We can make better use of aggregate and individual data to guess passwords better, AND
  4. Demand for GPUs for machine-learning and cryptocurrency are yielding lower-price GPUs.

In effect, password-crackers are getting stronger than ever before. Password strength (entropy) relies on a number of factors:

  1. Length of the password.
  2. Randomness of password. - Humans are a poor source of randomness!
  3. Uniqueness of password. - Your passwords between sites should not follow any patterns!

Smarty pants people might make their passwords from dictionary words or from patterns and rules or from the romanization of words in their native language, thinking they're smart, but there are people smarter than you. They know (and use) all the tricks. In short...

Humans cannot be trusted to make and remember good passwords. *

Please please please PLEASE use a password manager...

(* You probably can make and remember good passwords, but it's a waste of effort and time. Do you really want to memorize dozens of 20-character long random strings?)

hmmm

i'm tired and have decided to stop writing this post. please use password managers and also 2factor authentication. thank you

Comments

You must log in or register to comment.

3

Dogmantra wrote

password managers always felt like a really convenient way to lose access to all your sites in one go to me

4

twovests wrote

so long as you have 1. your MFA details backed up somewhere physically separate and safe, and 2. most password managers let you back the data up in a server as well as on your devices

alternatively you can remember your password manager password and your email password, which is a reasonable choice. (arguably they could even safely be the same.)