It really depends on your threat model.
To keep random script kiddies from an online brute force attack, even a weak password will do as long as it's not one in typical lists, or one you've used before that was leaked in a hack. Fail2ban and the like prevent exhaustive brute force attacks.
To defeat a skilled adversary with cloud or physical access to your files, yeah, that's hard, but 128 bits+ of entropy is probably enough.