
Ditto. I use 5 to 6. Also, the problem with recommending passphrases is that I don’t see a decent explanation from those recommending them as to how they work. Yes, I get that they are public key cryptography, but the details of the actual implementations (each seems different) make them confusing. And where there is confusion there is room for exploitation.


You are right, the explanation is glossed over.

Perhaps because it is so simple: what matters for passwords is length. No other complexity metric (codeset, whatever) is even in the same race.

Personally, my passphrases are seven words or more, which gets me to over 30 characters.


Entropy is what matters, not length. OP gets this part right.

"qwertyuiopasdfghjkl" or "aaaaaaaaaaaaaaaaaabc" are not stronger than "kmY7$®f0V".
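Added example, not part of the thread: a rough Python estimator that scores the three strings quoted above by how cheaply a guesser can describe them, next to the entropy of a randomly generated passphrase. The pattern list, the 100-symbol allowance for non-ASCII characters and the 7776-word list size are assumptions made for this sketch.

```python
import math
import string

# Sequences a cracking rule set tries early (constructed list, not exhaustive).
WALKS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890", string.ascii_lowercase]
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits,
           string.punctuation + " "]

def pool_size(pw):
    """Alphabet size implied by the character classes that appear in pw."""
    size = sum(len(chars) for chars in CLASSES if any(c in chars for c in pw))
    if any(not c.isascii() for c in pw):
        size += 100  # assumption: rough allowance for non-ASCII symbols
    return max(size, 2)  # never report a one-symbol alphabet

def pattern_len(pw, i):
    """Length of the repeat or keyboard/alphabet walk starting at pw[i], else 1."""
    best = 1
    while i + best < len(pw) and pw[i + best] == pw[i]:
        best += 1
    for walk in WALKS:
        start, n = walk.find(pw[i].lower()), 1
        while (start >= 0 and i + n < len(pw) and start + n < len(walk)
               and pw[i + n].lower() == walk[start + n]):
            n += 1
        best = max(best, n)
    return best if best >= 3 else 1

def estimated_bits(pw):
    """Rough guessing cost: a pattern costs one symbol plus log2 of its length."""
    if not pw:
        return 0.0
    per_char = math.log2(pool_size(pw))
    bits, i = 0.0, 0
    while i < len(pw):
        n = pattern_len(pw, i)
        bits += per_char + math.log2(n)
        i += n
    return bits

def passphrase_bits(words, wordlist_size=7776):
    """Entropy of `words` words drawn uniformly at random from the list."""
    return words * math.log2(wordlist_size)

if __name__ == "__main__":
    for pw in ["qwertyuiopasdfghjkl", "aaaaaaaaaaaaaaaaaabc", "kmY7$®f0V"]:
        print(f"{pw!r}: len={len(pw)} bits~{estimated_bits(pw):.1f}")
    print(f"7 random words: {passphrase_bits(7):.1f} bits")
```

The passphrase figure holds only when the words are picked by a random process; a phrase a person makes up is a pattern too and scores far lower against a real guesser.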



