I've personally grown to hate the security theatre of rotating my bank passwords every six months, especially because of requirements like "must contain one uppercase, one symbol, one lowercase, one special case and the blood of a unicorn."
-
I've personally grown to hate the security theatre of rotating my bank passwords every six months, especially because of requirements like "must contain one uppercase, one symbol, one lowercase, one special case and the blood of a unicorn."
When mathematically, a simple, grammatically incorrect sentence of 25 characters is much harder for a machine to crack than a gibberish 8-character password with symbols.
Entropy loves length.
I love the idea that the most secure key to your digital life could just be a weird little poem or an inside joke that only you know. Security doesn't have to be painful.
#infosec #passwords #cybersecurity #UX #security #sysadmin #programming #foss #linux #privacy #enshittification #reading #finance
@pheonix sometimes, when I'm driving, my kiddo logs into my work phone to see what an alert was about. They always complain that my password is misspelled. I just smile and shrug. Long and simple, but just a little weird.
-
I've personally grown to hate the security theatre of rotating my bank passwords every six months, especially because of requirements like "must contain one uppercase, one symbol, one lowercase, one special case and the blood of a unicorn."
When mathematically, a simple, grammatically incorrect sentence of 25 characters is much harder for a machine to crack than a gibberish 8-character password with symbols.
Entropy loves length.
I love the idea that the most secure key to your digital life could just be a weird little poem or an inside joke that only you know. Security doesn't have to be painful.
#infosec #passwords #cybersecurity #UX #security #sysadmin #programming #foss #linux #privacy #enshittification #reading #finance
@pheonix Password expiration has not been considered best practice in many years. If they're still doing that I've gotta wonder what other wildly obsolete security measures they might be relying on. Consider a new bank, I have four and none of them do that shit lol
https://www.ncsc.gov.uk/pdfs/blog-post/problems-forcing-regular-password-expiry.pdf
-
I've personally grown to hate the security theatre of rotating my bank passwords every six months, especially because of requirements like "must contain one uppercase, one symbol, one lowercase, one special case and the blood of a unicorn."
When mathematically, a simple, grammatically incorrect sentence of 25 characters is much harder for a machine to crack than a gibberish 8-character password with symbols.
Entropy loves length.
I love the idea that the most secure key to your digital life could just be a weird little poem or an inside joke that only you know. Security doesn't have to be painful.
#infosec #passwords #cybersecurity #UX #security #sysadmin #programming #foss #linux #privacy #enshittification #reading #finance
The blood of the unicorn is getting harder and harder to source!
-
I've personally grown to hate the security theatre of rotating my bank passwords every six months, especially because of requirements like "must contain one uppercase, one symbol, one lowercase, one special case and the blood of a unicorn."
When mathematically, a simple, grammatically incorrect sentence of 25 characters is much harder for a machine to crack than a gibberish 8-character password with symbols.
Entropy loves length.
I love the idea that the most secure key to your digital life could just be a weird little poem or an inside joke that only you know. Security doesn't have to be painful.
#infosec #passwords #cybersecurity #UX #security #sysadmin #programming #foss #linux #privacy #enshittification #reading #finance
@pheonix And by the time you're up to six words Diceware, that's the same level of security as 15 random alphanumeric characters (single-cased), at about 45-50 characters (arguably more easily) typed.
Both about 2^77.
Yet I keep thinking that "dribble pusher swipe defiling mocker clobber" is likely easier for most people (with enough grasp of English to read this post) to remember and even type out than "zaiv3thaes7lah1".
-
I've personally grown to hate the security theatre of rotating my bank passwords every six months, especially because of requirements like "must contain one uppercase, one symbol, one lowercase, one special case and the blood of a unicorn."
When mathematically, a simple, grammatically incorrect sentence of 25 characters is much harder for a machine to crack than a gibberish 8-character password with symbols.
Entropy loves length.
I love the idea that the most secure key to your digital life could just be a weird little poem or an inside joke that only you know. Security doesn't have to be painful.
#infosec #passwords #cybersecurity #UX #security #sysadmin #programming #foss #linux #privacy #enshittification #reading #finance
@pheonix it is absurd to me that the software I know of that let me do a blank text field with a blank text prompt reminder, and thus is more secure than any other system I've seen, was windows 8
-
I've personally grown to hate the security theatre of rotating my bank passwords every six months, especially because of requirements like "must contain one uppercase, one symbol, one lowercase, one special case and the blood of a unicorn."
When mathematically, a simple, grammatically incorrect sentence of 25 characters is much harder for a machine to crack than a gibberish 8-character password with symbols.
Entropy loves length.
I love the idea that the most secure key to your digital life could just be a weird little poem or an inside joke that only you know. Security doesn't have to be painful.
#infosec #passwords #cybersecurity #UX #security #sysadmin #programming #foss #linux #privacy #enshittification #reading #finance
@pheonix "But your password can be brute force!"
sure but it's very very long
"what if you forget?"
I won't, because of the prompt
"but the prompt will give it away!"
anyone who can figure out what the fuck that prompt means is a PSYCHIC ALIEN STALKER
-
I've personally grown to hate the security theatre of rotating my bank passwords every six months, especially because of requirements like "must contain one uppercase, one symbol, one lowercase, one special case and the blood of a unicorn."
When mathematically, a simple, grammatically incorrect sentence of 25 characters is much harder for a machine to crack than a gibberish 8-character password with symbols.
Entropy loves length.
I love the idea that the most secure key to your digital life could just be a weird little poem or an inside joke that only you know. Security doesn't have to be painful.
#infosec #passwords #cybersecurity #UX #security #sysadmin #programming #foss #linux #privacy #enshittification #reading #finance
-
I've personally grown to hate the security theatre of rotating my bank passwords every six months, especially because of requirements like "must contain one uppercase, one symbol, one lowercase, one special case and the blood of a unicorn."
When mathematically, a simple, grammatically incorrect sentence of 25 characters is much harder for a machine to crack than a gibberish 8-character password with symbols.
Entropy loves length.
I love the idea that the most secure key to your digital life could just be a weird little poem or an inside joke that only you know. Security doesn't have to be painful.
#infosec #passwords #cybersecurity #UX #security #sysadmin #programming #foss #linux #privacy #enshittification #reading #finance
@pheonix Or, choose a 6 digit pin, but no repeated digits or 3 or more digits in sequence" -- which of course makes it effectively *less* than 6 digits randomness (no repeats brings it down to 10!/4!, but I'm having a hard time estimating the cost of no sequences of 3 or more consecutive digits).
-
I've personally grown to hate the security theatre of rotating my bank passwords every six months, especially because of requirements like "must contain one uppercase, one symbol, one lowercase, one special case and the blood of a unicorn."
When mathematically, a simple, grammatically incorrect sentence of 25 characters is much harder for a machine to crack than a gibberish 8-character password with symbols.
Entropy loves length.
I love the idea that the most secure key to your digital life could just be a weird little poem or an inside joke that only you know. Security doesn't have to be painful.
#infosec #passwords #cybersecurity #UX #security #sysadmin #programming #foss #linux #privacy #enshittification #reading #finance
@pheonix mine have changed style over the years, but my most frequently used are now made of Things I Can See when setting a new one.
Kinda like "Terrier Cheese Thief Bastard" or similar
-
I've personally grown to hate the security theatre of rotating my bank passwords every six months, especially because of requirements like "must contain one uppercase, one symbol, one lowercase, one special case and the blood of a unicorn."
When mathematically, a simple, grammatically incorrect sentence of 25 characters is much harder for a machine to crack than a gibberish 8-character password with symbols.
Entropy loves length.
I love the idea that the most secure key to your digital life could just be a weird little poem or an inside joke that only you know. Security doesn't have to be painful.
#infosec #passwords #cybersecurity #UX #security #sysadmin #programming #foss #linux #privacy #enshittification #reading #finance
@pheonix And there are still many Systems that don't allow long passwords...
Or, way more terrible, the Input field allows an undefined lengths but the Password gets cut silently at some point -
I've personally grown to hate the security theatre of rotating my bank passwords every six months, especially because of requirements like "must contain one uppercase, one symbol, one lowercase, one special case and the blood of a unicorn."
When mathematically, a simple, grammatically incorrect sentence of 25 characters is much harder for a machine to crack than a gibberish 8-character password with symbols.
Entropy loves length.
I love the idea that the most secure key to your digital life could just be a weird little poem or an inside joke that only you know. Security doesn't have to be painful.
#infosec #passwords #cybersecurity #UX #security #sysadmin #programming #foss #linux #privacy #enshittification #reading #finance
@pheonix Years ago, as local support I recommended people to use a phrase from a movie, song, or poem they liked as passphrase for the disk encryption.
I'll always remember the guy humming "somewhere over the rainbow" while unlocking his laptop.I didn't have the courage to tell him everyone knew his passphrase xDD
-
The blood of the unicorn is getting harder and harder to source!
-
I've personally grown to hate the security theatre of rotating my bank passwords every six months, especially because of requirements like "must contain one uppercase, one symbol, one lowercase, one special case and the blood of a unicorn."
When mathematically, a simple, grammatically incorrect sentence of 25 characters is much harder for a machine to crack than a gibberish 8-character password with symbols.
Entropy loves length.
I love the idea that the most secure key to your digital life could just be a weird little poem or an inside joke that only you know. Security doesn't have to be painful.
#infosec #passwords #cybersecurity #UX #security #sysadmin #programming #foss #linux #privacy #enshittification #reading #finance
Regarding the length of your poem, remember that English has about 1.3 bit of entropy per letter.
-
I've personally grown to hate the security theatre of rotating my bank passwords every six months, especially because of requirements like "must contain one uppercase, one symbol, one lowercase, one special case and the blood of a unicorn."
When mathematically, a simple, grammatically incorrect sentence of 25 characters is much harder for a machine to crack than a gibberish 8-character password with symbols.
Entropy loves length.
I love the idea that the most secure key to your digital life could just be a weird little poem or an inside joke that only you know. Security doesn't have to be painful.
#infosec #passwords #cybersecurity #UX #security #sysadmin #programming #foss #linux #privacy #enshittification #reading #finance
@pheonix
It'H@rd2FindUnic0rnB|00d -
J jwcph@helvede.net shared this topic
