this post was submitted on 19 Mar 2024
76 points (94.2% liked)

Asklemmy

43788 readers
783 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 

Nowadays, most people use password managers (hopefully). However, there are still some passwords that you need to memorize, like master password (for a password manager), phone lock, wifi password, etc.

Security wise, can passphrase reach the strength of a good password without getting so long that it defeats the purpose of even using it?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] Kahnares@lemmy.ml 7 points 7 months ago* (last edited 7 months ago) (1 children)

I use passphrases for frequently used logins and randomly-generated passwords of varying lengths for everything else. I also use a hardware key and/or 2FA for everything that allows it.

I'm conversationally fluent in a few different languages (enough to order food, greet people and ask directions to the shitter, anyway) and I can swear in another half-dozen languages so I tend to mix'n'match my passphrases with different foreign words. Bonus points for accented characters. That's probably not gonna fool a dictionary-based attack but since I live in a (mostly) English-speaking country, it might make it interesting for the English-only speakers to try guessing.

At work, we're held to the outdated policy set by the IT department so it can be difficult to be creative. On top of that, they force a password change whenever someone sneezes so I see a lot of sticky notes on monitors and under keyboards.

Edit: spelling and grammar.

[โ€“] acetanilide@lemmy.world 4 points 7 months ago

I once had to change a password every 30 days.

And it couldn't be a password I'd used before. Along with ridiculous requirements (but not as ridiculous as the 30 day thing).

You'd think it was a password to get into the NSA's database or something.

Nope, just a (not very) random website.