Most websites don’t allow multiple failed logins and, even if they did, the network latency alone would make brute force attacks useless. The point of having a high entropy password is to protect against hackers brute forcing a leaked database of hashes. Having different passwords for every website also protects against this so, as usual, the answer is “just use a password manager”.
I will never do that, I have a system instead. I never understood why people would want to use a password manager. To me it seems it ads an attack vector, where you could lose EVERYTHING!
Passwords suck as an authentication system in general. Your own system is probably worse than what password managers do. Yes, there are problems, but so does every other solution to this, and password managers win out in the comparison.
Your own system is probably worse than what password managers do.
How so? If you use a password manager across 3 platforms, that makes for 3 attack vectors.
My personal system has guaranteed no vulnerabilities. So how do you conclude my system is worse?
Yeah, that’s going to be a terrible system. The human brain isn’t capable of keeping track of enough entropy to create a secure password system.
More generally, it’s a big red flag when anybody thinks they can make a better system than publicly available and verified systems. You’re not capable of that, I’m not capable of that, Bruce Schneier is not capable of that. No matter how smart you are, you missed something. That’s why I didn’t need to know a single detail.
he human brain isn’t capable of keeping track of enough entropy to create a secure password system.
What an idiotic argument, the level of entropy comes from the rules first and foremost, putting a 1 and an A together is the exact same entropy as using 2 and B. Randomizing it one way instead of another doesn’t change entropy much.
More generally, it’s a big red flag when anybody thinks they can make a better system than publicly available and verified systems.
You completely fail to understand the argument. I’m not arguing my passwords are stronger, I’m arguing they are SAFER! because they are not stored on any system, much less 3 different systems, one of which could theoretically have a vulnerability.
What an idiotic argument, the level of entropy comes from the rules first and foremost, putting a 1 and an A together is the exact same entropy as using 2 and B.
Oh dear, no. You cannot match a cryptographic (P)RNG for generating passwords. Not even close.
I guarantee your system is less secure than the worst password manager. Humans are inherently bad at choosing passwords, or anything to do with randomness really.
Most websites don’t allow multiple failed logins and, even if they did, the network latency alone would make brute force attacks useless. The point of having a high entropy password is to protect against hackers brute forcing a leaked database of hashes. Having different passwords for every website also protects against this so, as usual, the answer is “just use a password manager”.
I don’t think you need to worry about that in this case, the special character restriction suggests to me that they don’t hash it.
Seems a bit stupid if a database of passwords or other sensitive information can be brute forced.
Please clarify what you mean because your comment is giving me these vibes.
I will never do that, I have a system instead. I never understood why people would want to use a password manager. To me it seems it ads an attack vector, where you could lose EVERYTHING!
That is true for online password managers, you need an offline one
Passwords suck as an authentication system in general. Your own system is probably worse than what password managers do. Yes, there are problems, but so does every other solution to this, and password managers win out in the comparison.
How so? If you use a password manager across 3 platforms, that makes for 3 attack vectors.
My personal system has guaranteed no vulnerabilities. So how do you conclude my system is worse?
If you think that’s true, then you don’t have the experience to make a secure system.
What? What kind of system do you think I have? The only vulnerability is if they can hack my brain.
Yeah, that’s going to be a terrible system. The human brain isn’t capable of keeping track of enough entropy to create a secure password system.
More generally, it’s a big red flag when anybody thinks they can make a better system than publicly available and verified systems. You’re not capable of that, I’m not capable of that, Bruce Schneier is not capable of that. No matter how smart you are, you missed something. That’s why I didn’t need to know a single detail.
What an idiotic argument, the level of entropy comes from the rules first and foremost, putting a 1 and an A together is the exact same entropy as using 2 and B. Randomizing it one way instead of another doesn’t change entropy much.
You completely fail to understand the argument. I’m not arguing my passwords are stronger, I’m arguing they are SAFER! because they are not stored on any system, much less 3 different systems, one of which could theoretically have a vulnerability.
Oh dear, no. You cannot match a cryptographic (P)RNG for generating passwords. Not even close.
I guarantee your system is less secure than the worst password manager. Humans are inherently bad at choosing passwords, or anything to do with randomness really.