Yes you are right, I mixed up stength with complexity. :)
Since the user cannot assess password complexity on sight, it may be useful to help the user understanding this complexity. Maybe this?
I have mixed feelings towards password managers I cannot explain. I concede it may be just my ignorance. :)
I used to have mixed feelings about password managers, thinking I’m exposing all my passwords behind just a single password.
But without a password manager, it’s pretty much impossible to use a different password for each service. And that’s really the bigger risk, as services leak password hashes so often, if that hash gets bruteforced once, you’re fucked for every service where you reused that password.
I mean, services can add Salt and Pepper to the password hashes to make bruteforcing the hash harder and the result less useful, but you unfortunately can’t rely on that.
Yes you are right, I mixed up stength with complexity. :)
Since the user cannot assess password complexity on sight, it may be useful to help the user understanding this complexity. Maybe this?
I have mixed feelings towards password managers I cannot explain. I concede it may be just my ignorance. :)
I used to have mixed feelings about password managers, thinking I’m exposing all my passwords behind just a single password.
But without a password manager, it’s pretty much impossible to use a different password for each service. And that’s really the bigger risk, as services leak password hashes so often, if that hash gets bruteforced once, you’re fucked for every service where you reused that password.
I mean, services can add Salt and Pepper to the password hashes to make bruteforcing the hash harder and the result less useful, but you unfortunately can’t rely on that.