by upofadown 1363 days ago
This all comes down to this statement:

>In fact, pretty much the only case where complexity and length matter is when we’re defending against offline password cracking. But for every other case in the threat model where passwords are stolen, length and complexity simply don’t matter.

The idea is that most passwords are stolen when they are plaintext. So it only matters that the password is unique to that system. Offline password cracking is relevant for cases like the passphrase used to protect your PGP or SSH keys. Then length and complexity are important. Stuff like the suggested FIDO is the same sort of thing. If you need to protect the FIDO key information, then the length and complexity of your passphrase are important where offline password cracking is relevant.
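As an added illustration of the offline-cracking case the comment distinguishes (example code written for this page, not from the comment or the linked article): once an attacker holds a passphrase-wrapped key file, the file itself tells them whether a guess is right, so there is no server, no rate limit and no lockout, and the only things that slow them down are the KDF's per-guess cost and the passphrase's entropy. PBKDF2-HMAC-SHA256 is used here as a stand-in for the real wrapping schemes (OpenPGP's S2K, OpenSSH's bcrypt_pbkdf); the salt, wordlist, mangling rules and function names are constructed for the example.

```python
import hashlib
import hmac
import math

# Iteration count kept low so the example runs in well under a second; real
# key-wrapping tools use far more rounds (or memory-hard KDFs), which is exactly
# what raises the attacker's cost per guess in the offline setting.
ITERATIONS = 10_000
CHECK_LABEL = b"passphrase-check"  # constructed label for the stored check value


def derive_key(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Stretch a passphrase into a 256-bit wrapping key (PBKDF2 stands in for S2K / bcrypt_pbkdf)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt, iterations, dklen=32)


def make_verifier(passphrase: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """The value a key file stores so the right passphrase can be recognised.

    Anything that lets the legitimate tool tell a correct passphrase from a wrong
    one lets whoever stole the file do the same, offline, as fast as their hardware allows.
    """
    key = derive_key(passphrase, salt, iterations)
    return hmac.new(key, CHECK_LABEL, "sha256").digest()


def mangle(words):
    """Cheap rule set: each word as-is, capitalised, and with a few common suffixes."""
    for w in words:
        for base in (w, w.capitalize()):
            yield base
            for suffix in ("1", "123", "!", "2024"):
                yield base + suffix


def offline_crack(verifier: bytes, salt: bytes, words, iterations: int = ITERATIONS):
    """Try candidate passphrases against the stored verifier; returns the hit or None."""
    for guess in mangle(words):
        key = derive_key(guess, salt, iterations)
        candidate = hmac.new(key, CHECK_LABEL, "sha256").digest()
        if hmac.compare_digest(candidate, verifier):
            return guess
    return None


def searchable_bits(guesses_per_second: float, seconds: float) -> float:
    """Bits of passphrase entropy an attacker can exhaust at a given offline guess rate."""
    return math.log2(guesses_per_second * seconds)


if __name__ == "__main__":
    salt = b"constructed-salt"  # constructed; a real key file stores its own random salt
    wordlist = ["password", "letmein", "dragon", "correct", "horse", "qwerty"]  # constructed
    weak = make_verifier("Dragon123", salt)
    strong = make_verifier("coral-sextant-vellum-ignite-7", salt)
    print("weak passphrase   ->", offline_crack(weak, salt, wordlist))
    print("strong passphrase ->", offline_crack(strong, salt, wordlist))
    print("one year at 1M guesses/s covers about %.1f bits"
          % searchable_bits(1e6, 365 * 86400))
```

The wordlist plus a handful of mangling rules recovers the "complex-looking" passphrase in a few dozen guesses, while the longer random one never matches; the only defence against this attack is entropy the attacker cannot enumerate, which is why the comment's point applies to key passphrases but not to a unique password stolen in plaintext from a web service.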