• falsemirror@beehaw.org
      link
      fedilink
      arrow-up
      12
      ·
      11 months ago

      Many PW managers let you generate passphrases, which are all around better than random strings. Length is the most important factor so

      finance-caffeine-utopia-redress-unseen

      Is way stronger and easier to remember (and type) than

      Fl7$j4FWw)&5O

      • Myaa@beehaw.org
        link
        fedilink
        arrow-up
        3
        ·
        11 months ago

        Huh, TIL. I had no idea that was an option but that’s super useful for things I need to type in on a device with no keyboard, or even things I can’t access my password manager for. Thanks for the protip there!

      • Murkhat@feddit.de
        link
        fedilink
        arrow-up
        2
        ·
        11 months ago

        Is it really safer? I mean when trying to bruteforce a password, one would have to make a guess whether it’s a passphrase or not. But if you decided to check for pass phrases, wouldn’t the one you posted be cracked in 5 times the amount of words in that dictionary? I’m not sure how large the vocabularies of the generators are, but I would guess a random 17 char password might be safer than a 5 phrases password?

        • Scary le Poo@beehaw.org
          link
          fedilink
          arrow-up
          5
          ·
          11 months ago

          but I would guess a random 17 char password might be safer than a 5 phrases password

          And you would be very wrong about that. A 5 phrase password has entropy. “finance-caffeine-utopia-redress-unseen” is 28 characters. If you add in a different symbol between the words and add a number somewhere, this password becomes incredibly difficult to brute force.

          I’ll let xkcd explain it better.

          • Murkhat@feddit.de
            link
            fedilink
            arrow-up
            1
            ·
            11 months ago

            Youre right,different separators, numbers and even capital letters change my theory alot

      • esaru@beehaw.org
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        11 months ago

        And pass phrases are faster to type and with less typos even though they need more characters than passwords to be the same secure.

    • bdonvr@thelemmy.club
      link
      fedilink
      arrow-up
      8
      ·
      edit-2
      11 months ago

      You don’t need to make it that long.

      And also most TVs or whatever you’re streaming with has a way to type from your phone nowadays. Apple TV, Chromecast, Android TV, heck I think even Xbox.

      It’s kinda nice on Apple TV your phone will suggest autofill passwords for the TV, even from theirs party password managers like Bitwarden.

      • abbadon420@lemm.ee
        link
        fedilink
        arrow-up
        4
        ·
        11 months ago

        Android tv’s arent that old. 10 years max. 5 years since it’s affordable for most people. Is it unreasonable to own a 5 year old non-smart tv? I think not. I think it’s weird that so many people assume everyone owns a smart tv.

        • Evkob@lemmy.ca
          link
          fedilink
          arrow-up
          6
          ·
          11 months ago

          In what scenario would you need to type in a password on a non-smart TV though? Parental lock?

        • bdonvr@thelemmy.club
          link
          fedilink
          arrow-up
          4
          ·
          edit-2
          11 months ago

          You’re not wrong but in what context would you be putting in passwords on a non-smart device

          Also it’s not just smart TVs. You can hook up streaming sticks and boxes and game consoles to anything with an HDMI port

      • jarfil@beehaw.org
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        11 months ago

        For symmetric keys, since they cannot be weakened using quantum computing, their strength can be assessed by their bit-equivalent amount of entropy:

        • 40 bit or less - easily breakable
        • 64 bit - not so easy, but doable
        • 128 bit or more - basically unbreakable

        Those are equivalent to, respectively:

        • 0-9 - 12, 19, 38 characters
        • a-z - 9, 14, 28 characters
        • a-z0-9 - 8, 12, 25 characters
        • A-Za-z0-9 - 7, 11, 22 characters
        • A-Za-z0-9+special - 7, 10, 21 characters

        Moral of the story: drop the special characters, and even the numbers… and even the uppercase. A 30+ character long all-lowercase pass phrase, is already unbreakable.

        Check @falsemirror@beehaw.org:

        finance-caffeine-utopia-redress -unseen

        …is already over 128 bits.

        PS: Correct horse battery staple