10 chars, no special characters and that’s it

Just tell me that you want to have access to my videos and be done with it

  • borari
    2 years ago

    Yeah, that’s not optimal. My single-sourced, non-verified quick Google search tells me that brute forcing a 10-char password of lower case letters only would be instant, subbing out one char for an upper-case letter would increase to one month, and subbing out another char for a number raises that to 6 years. Simply allowing for a special char would take 50 years.

    That’s assuming the password is truly random. Use a dictionary with some rule sets, and make some assumptions like people will probably just append a number to the end of their password, and you’ll knock those times down drastically.

    There’s no excuse for not allowing your users to use safe passwords.

    • terribleplan@lemmy.nrd.li
      2 years ago

      Assuming they’re using some sort of password-based key derivation function it would be anything but “instant”, depending on the settings they feed to the KDF. For some reason I doubt they are doing so, but just saying that it is possible for it to not suck that bad.
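
An added example, not part of either comment above: it computes the search space for a truly random 10-character password under the character sets discussed in the thread, and measures on the local machine how much a password-based KDF raises the cost of each guess compared with a single fast hash. The PBKDF2 iteration count and the choice of salted SHA-256 as the "fast" baseline are assumptions; the timings are single-core figures from whatever machine runs it, so only the ratios are meaningful.

```python
import hashlib
import os
import string
import time

LENGTH = 10  # password length from the original post
# Character-set sizes for the policies compared in the thread (ASCII classes).
CHARSETS = {
    "lowercase": len(string.ascii_lowercase),
    "lower+upper": len(string.ascii_letters),
    "lower+upper+digits": len(string.ascii_letters + string.digits),
    "plus specials": len(string.ascii_letters + string.digits + string.punctuation),
}

def keyspace(charset_size, length=LENGTH):
    """Number of candidates when every character is chosen at random."""
    return charset_size ** length

def fast_hash(pw, salt):
    """Baseline: one salted SHA-256, i.e. no key stretching."""
    return hashlib.sha256(salt + pw).digest()

def slow_kdf(pw, salt, iterations=200_000):  # iteration count is an assumption
    """Password-based KDF: PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", pw, salt, iterations)

def seconds_per_guess(hash_fn, rounds):
    """Average wall-clock cost of verifying one candidate with hash_fn."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(b"guess%d" % i, salt)
    return (time.perf_counter() - start) / rounds

def worst_case_years(charset_size, per_guess_s, length=LENGTH):
    """Time to try every candidate at the measured per-guess cost."""
    return keyspace(charset_size, length) * per_guess_s / (365.25 * 24 * 3600)

def report():
    fast = seconds_per_guess(fast_hash, rounds=20_000)
    slow = seconds_per_guess(slow_kdf, rounds=3)
    rows = [(name, keyspace(size), worst_case_years(size, fast),
             worst_case_years(size, slow)) for name, size in CHARSETS.items()]
    return fast, slow, rows

if __name__ == "__main__":
    fast, slow, rows = report()
    print(f"KDF cost per guess vs. plain SHA-256: {slow / fast:,.0f}x")
    for name, space, y_fast, y_slow in rows:
        print(f"{name:20s} {space:.2e} candidates  "
              f"SHA-256: {y_fast:.2e} y  PBKDF2: {y_slow:.2e} y")
```

These are exhaustive-search figures for random passwords only; they say nothing about dictionary or rule-based guessing, which the first reply points out is far cheaper.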