|
|
|
|
|
|
by peterwwillis
4391 days ago
|
|
|
It really doesn't matter how much entropy exists because password crackers do not use linear keyspace searches, they use advanced heuristics to guess the most likely possibilities first. The major flaw in passwords is that humans choose them and humans are fairly predictable. If a site generates a password for the human it would result in a more even distribution of randomly-generated passphrases and reduce passphrase re-use across different sites. The human could then write it down or memorize it (or record it in their password manager, which defeats the purpose of using passwords entirely). Passwords are mostly dead at this point, and more two-factor service providers need to pop up to prevent over-reliance on passwords. http://twofactorauth.org/ |
|
|