https://xkcd.com/2869

Alt text:

Why couldn’t the amulet have been hidden by Aunt Alice, who understands modern key exchange algorithms?

  • Maggoty@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    2
    ·
    1 year ago

    Except nobody is out there guessing passwords. That’s a flawed basis and advice that was outdated a decade ago. They’re pulling them from site breaches and brute forcing dictionary attacks with bot nets. The best thing the average person can do now is a locked file to store their passwords. The password on that is a unique easily memorable thing and everything else can be gobbledygook because you have a reference. And yes unencrypted but locked files aren’t a big block to a hacker in your computer. But the average person isn’t facing that problem.

    And if you’re not an average person then you should be using a physical 2fa device on the principle that even if it’s stolen, they would still need to gain physical access to the computer.

    The one thing you shouldn’t do is use a 24 character hash on every site and leave it for a year because it’s “hard to guess”. It will get breached and decrypted well before then.