Nowadays, most people use password managers (hopefully). However, there are still some passwords that you need to memorize, like a master password (for a password manager), phone lock, Wi-Fi password, etc.

Security-wise, can a passphrase reach the strength of a good password without getting so long that it defeats the purpose of even using it?

  • mlaga97
    8 months ago

    Very similar heuristic here, insofar as when to use passphrases and how long.

    LUKS and Bitlocker volumes get 8 words, computer logins usually get 4 words (potentially more depending on frequency/criticality of system).

    Smartcards and mobile devices do have numeric PINs due to frequency of use and relative difficulty in copying those for offline attacks.

    Websites that are filled in w/ password manager get the random symbol-laden strings that ‘meet requirements’.
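
The trade-off in the question and the 4-word / 8-word rule of thumb in the comment above can be put in numbers. This is an added example, not part of the original thread; the 7776-word Diceware-style list, the 94-character printable ASCII alphabet and the sample words are assumptions, since the thread names none of them.

```python
import math
import secrets

WORDLIST_SIZE = 7776  # assumption: Diceware-style list (6**5 words)
ALPHABET_SIZE = 94    # assumption: printable ASCII without the space

def passphrase_bits(n_words, list_size=WORDLIST_SIZE):
    """Entropy of n words drawn uniformly at random, repeats allowed."""
    return n_words * math.log2(list_size)

def equivalent_password_length(bits, alphabet_size=ALPHABET_SIZE):
    """Shortest random-character password with at least `bits` of entropy."""
    return math.ceil(bits / math.log2(alphabet_size))

def words_needed(target_bits, list_size=WORDLIST_SIZE):
    """Fewest random words that reach `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))

def generate_passphrase(wordlist, n_words, sep=" "):
    """Draw words with the OS CSPRNG. The entropy figures above only hold
    for machine-random picks, not for words a person chooses."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("wordlist contains duplicates; entropy would be overstated")
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))

# Constructed sample list for the demo only; a real list has thousands of words.
SAMPLE_WORDS = ["anchor", "birch", "copper", "delta", "ember", "fjord", "granite", "harbor"]

if __name__ == "__main__":
    for n in (4, 8):  # the word counts given in the comment above
        bits = passphrase_bits(n)
        print(f"{n} words: {bits:.1f} bits, about the same as "
              f"{equivalent_password_length(bits)} random printable characters")
    print("words for 128 bits:", words_needed(128))
    print("sample (3 bits/word only):", generate_passphrase(SAMPLE_WORDS, 4))
```

Under these assumptions each word contributes about 12.9 bits, so the word count needed for a given strength grows slowly compared with the character count of the typed phrase.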