Hacker News
by quantum5 2197 days ago
Thank you for the audit!

The default was chosen as 4 words due to usability concerns with longer passwords or more obscure words, but it is adjustable. The strength meter is yellow at 4 words to indicate the less-than-optimal entropy, but I felt it was better than turning a new user off by making it too hard to remember. But that's a decision I plan on revisiting.

If you are security conscious, you can save a more secure default for yourself (in local storage, nothing is ever transmitted to a server).

1 comment

No problem. I dig the project. Very cool.

I would recommend the default be 6 words, and let people choose down to 4, but not lower. At least that way, users know what a "secure default" looks like. Granted, it breaks the four-word "correct horse battery staple" XKCD format, but Randall was in some error with that comic anyway.