this post was submitted on 18 Jul 2025
329 points (96.9% liked)

[–] LostXOR@fedia.io 1 points 8 hours ago (3 children)

Randomly generate your master password too. It takes a bit to memorize, but becomes muscle memory pretty quickly. And since random passwords have the highest possible entropy per character you can use a shortish one, which allows for fast typing while still being impossible to brute force (I use 16 chars).

[–] trxxruraxvr@lemmy.world 1 points 45 minutes ago

Both Bitwarden and 1Password can also generate passphrases with high entropy that are much easier to memorize and enter. I use that for my master password.

[–] Scipitie@lemmy.dbzer0.com 9 points 6 hours ago (1 children)

There's an xkcd for that of course! Linking directly to the explain as it has more info, but the important thing is: password guidelines tricked humans into thinking in a machine way about safe passwords, but long passphrases are more secure from an entropy point of view and way easier to remember!

https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength

[–] LostXOR@fedia.io 0 points 3 hours ago (1 children)

The xkcd-suggested passwords have 44 bits of entropy. Assuming a weak hash like SHA1, a single 4090 could crack such a password in under 10 minutes (source).

My 16 character password, with 70 symbols per character, has log₂70 * 16 ≈ 98 bits of entropy. That corresponds to a cracking time of over 200 billion years with the same parameters.

xkcd's password system is quite terrible for security. Its only advantage is that it's relatively secure for how easy it is to remember. If you're someone who really struggles to remember passwords and would otherwise use something even weaker, go for it, but if you want security then random characters are the way to go.

[–] Scipitie@lemmy.dbzer0.com 3 points 3 hours ago (1 children)

Take a sentence with 200 characters then.

And your opinion is exactly that and doesn't match security research:

For the following you're not the target group, but others reading this who might want to make their lives easier. Just from your way of writing I at least don't expect that minor sources like Okta or the NCSC will change your mind.

(Article links with high-level descriptions and links to their primary sources.)

https://www.okta.com/identity-101/password-vs-passphrase/

https://www.4bis.com/passphrase-vs-complicated-passwords-passphrases-are-best/

https://specopssoft.com/blog/passphrase-best-practice-guide/

[–] LostXOR@fedia.io 1 points 2 hours ago

I'm not arguing that random passwords are better for everyone, just that they're most secure for their length. A 9 word passphrase is just as secure as a 16 character random password, but is far longer.

A 4 word xkcd passphrase is more or less equivalent to a 7 character random password, and is secure with xkcd's threat model (online brute force attack) but not with other threat models, like a brute force of a weak hash, which is many orders of magnitude faster.

If you'd like to verify the math:
4 word xkcd passphrase: 2048 (possible words) ^ 4 (number of words) = 44 bits of entropy ≈ 17.6 trillion possibilities.
7 word password: 70 (possible characters) ^ 7 (number of characters) ≈ 42.9 bits of entropy ≈ 8.2 trillion possibilities.
(Adding an eighth character raises the number to 576 trillion).
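The entropy figures traded in this thread (44 bits for a 4-word passphrase from a 2048-word list, about 98 bits for 16 random characters from a 70-symbol alphabet, and the crack-time comparison) all come from one formula, length times log2 of the symbol count. The script below is an added example, not code from either commenter; it generalises the arithmetic so you can plug in any wordlist size, alphabet size or length, and answers the "how many words match this random password" question directly. The guess rate is a constructed round figure chosen only so that 44 bits exhausts in under ten minutes, as the thread states; it is not a benchmark of any GPU or hash.

```python
import math

# Constructed guess rate for illustration only (assumption, not a measured
# benchmark): roughly what is needed for 2^44 guesses to finish in ~10 minutes.
ASSUMED_FAST_HASH_RATE = 3e10  # guesses per second

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(symbol_count: int, length: int) -> float:
    """Entropy of a secret built from `length` symbols chosen uniformly and
    independently out of `symbol_count` possibilities: length * log2(symbol_count).
    A symbol is a word (passphrase) or a character (random password); the formula
    is the same, which is why the two can be compared on one scale."""
    if symbol_count < 2 or length < 1:
        raise ValueError("need at least 2 symbols and a length of at least 1")
    return length * math.log2(symbol_count)


def keyspace(bits: float) -> float:
    """Number of candidates an attacker must be prepared to try."""
    return 2.0 ** bits


def exhaust_time_seconds(bits: float,
                         guesses_per_second: float = ASSUMED_FAST_HASH_RATE) -> float:
    """Time to try the whole keyspace at a given offline guess rate. Online
    guessing (rate-limited logins) is many orders of magnitude slower, which is
    the threat-model difference the thread points out."""
    return keyspace(bits) / guesses_per_second


def length_for_target_bits(symbol_count: int, target_bits: float) -> int:
    """Smallest number of symbols (words or characters) that reaches at least
    `target_bits` of entropy."""
    return math.ceil(target_bits / math.log2(symbol_count))


def describe(label: str, symbol_count: int, length: int) -> dict:
    """Summarise one password scheme: bits, keyspace and worst-case exhaust time."""
    bits = entropy_bits(symbol_count, length)
    seconds = exhaust_time_seconds(bits)
    return {
        "label": label,
        "bits": round(bits, 1),
        "keyspace": keyspace(bits),
        "exhaust_years": seconds / SECONDS_PER_YEAR,
    }


if __name__ == "__main__":
    schemes = [
        describe("4-word xkcd passphrase (2048-word list)", 2048, 4),
        describe("7 random chars (70-symbol alphabet)", 70, 7),
        describe("8 random chars (70-symbol alphabet)", 70, 8),
        describe("16 random chars (70-symbol alphabet)", 70, 16),
    ]
    for s in schemes:
        print(f"{s['label']:<42} {s['bits']:>6} bits  "
              f"{s['keyspace']:.3g} candidates  "
              f"{s['exhaust_years']:.3g} years at assumed rate")

    target = entropy_bits(70, 16)
    words = length_for_target_bits(2048, target)
    print(f"\nWords from a 2048-word list needed to match 16 random chars: {words}")
```

Running it reproduces the thread's numbers: 44.0 bits and 1.76e13 candidates for the passphrase, 42.9 bits and 8.24e12 for 7 characters, 5.76e14 candidates for 8 characters, about 98 bits for 16 characters, and 9 words to match that. The exhaust time is the full-keyspace bound, the figure a defender should plan against; the attacker's expected time is half of it, which does not change which scheme wins.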

[–] arin@lemmy.world 3 points 8 hours ago (1 children)

Once you forget it, you lose everything

[–] LostXOR@fedia.io 2 points 3 hours ago

I'm not prone to forgetting things, but if you are, it's easy enough to write down and store somewhere secure like a safe deposit box. If you have people you trust, you should have a backup copy anyways so they can access your password manager if you die suddenly.