this post was submitted on 19 Dec 2023
986 points (99.1% liked)
xkcd
8883 readers
210 users here now
A community for a webcomic of romance, sarcasm, math, and language.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Except nobody is out there guessing passwords. That's a flawed basis and advice that was outdated a decade ago. They're pulling them from site breaches and brute forcing dictionary attacks with bot nets. The best thing the average person can do now is a locked file to store their passwords. The password on that is a unique easily memorable thing and everything else can be gobbledygook because you have a reference. And yes unencrypted but locked files aren't a big block to a hacker in your computer. But the average person isn't facing that problem.
And if you're not an average person then you should be using a physical 2fa device on the principle that even if it's stolen, they would still need to gain physical access to the computer.
The one thing you shouldn't do is use a 24 character hash on every site and leave it for a year because it's "hard to guess". It will get breached and decrypted well before then.