1039
submitted 8 months ago by anders@rytter.me to c/memes@lemmy.ml

Brute force protection

@memes

you are viewing a single comment's thread
view the rest of the comments
[-] saigot@lemmy.ca 12 points 8 months ago* (last edited 8 months ago)

Dictionary attacks have been around for a long time, but It's still quite strong especially if you throw in a number.

A fully random 8 character password has about 10^14 brute force combinations (assuming upper and lower case + the normal special characters). 4 words choosen at random from the top 3000 words (which is a very small vocabulary really) is 10^13 dictionary attack combinations, add a single number or account for variations in word style (I.e maybe don't always use camel case) and you've matched the difficulty. If you use 5 words it's 10^17 combinations.

A password manager and a hard password is a better idea but there are cases where you can't use a password manager (like the password to said manager).

[-] Gradually_Adjusting@lemmy.ca 4 points 8 months ago

I'm a basic little shit so, I basically use a correct horse + number password for my PW manager

[-] sloppy_diffuser@sh.itjust.works 1 points 8 months ago

I do a passphrase like the comic followed by 56 characters of gibberish using an https://onlykey.io/ (acts as a USB keyboard) that has a 10 digit pin (6 characters to choose from) and a kill switch pin (if I were ever forced to unlock it). I use this method for my disk encryption, main account login, and password manager.

I also use a https://www.themooltipass.com/ for vendor diversity (4 digit pin but all hex characters). I prefer the onlykey.

I rotate the gibberish monthly and the passphrase 2-3 times a year.

Once a year I change up the pin codes.

I figure that gives me enough entropy from brute force on all my systems with a balanced level of convienence and security. I literally don't know a single one of my passwords.

this post was submitted on 13 Mar 2024
1039 points (100.0% liked)

Memes

45736 readers
438 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS