• sugar_in_your_tea@sh.itjust.works
        link
        fedilink
        arrow-up
        1
        ·
        10 months ago

        Yup, most of my passwords are like 30 characters, and I don’t remember any of them except the one to unlock my password manager (and a couple other important ones).

    • Lumu@beehaw.org
      link
      fedilink
      English
      arrow-up
      2
      ·
      10 months ago

      Idk someone could probably brute force it in only a few trillion years, I’d make it longer if you plan to be using Twitch long-term.

      • thingsiplay@beehaw.org
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        10 months ago

        You assume the person would never change the password. Someone with that long password is probably security concerned and is likely to change it after some time, even if its once in a year.

        • Lumu@beehaw.org
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          Yeah but you’d have to write it across like, 10 post-it notes along the top of your monitor. That’d get expensive!

          • Midnitte@beehaw.org
            link
            fedilink
            arrow-up
            3
            ·
            10 months ago

            Or just use a password manager. Then you only need to store one password across 15 post-it notes.

            • library_napper@monyet.cc
              link
              fedilink
              arrow-up
              1
              ·
              10 months ago

              NIST used to tell orgs to require password rotation. Some years ago they changed their recommendation with an explanation that it adds not security benefits while it encourages users to write down or use shittier passwords.

              • thingsiplay@beehaw.org
                link
                fedilink
                arrow-up
                1
                ·
                10 months ago

                Yes, as I said, that is with the assumption if people do not use password manager and get lazy. Then I can see this argument being true. But with such long and complicated random passwords on many different services (like I do), it’s expected to use password managers and only remember a single password. Therefore this is the preferred method over bad passwords, which are not changed frequently, as the NIST recommends. I do not agree with that.