On Sat 14 May 2022 at 15:21:06 +0200, [email protected] wrote:

> On Sat, May 14, 2022 at 12:42:28PM +0100, Brian wrote:
> > On Sat 14 May 2022 at 07:23:47 +0200, [email protected] wrote:
>
> [...]
>
> > > [strong, unique, random]
> > >
> > > That's it. The unique part can't be stressed enough: if you have
> > > umpteen services out there, it's a matter of time until one of
> > > those passwords leaks (incompetent service provider, phishing,
> > > etc.). It better be different from your other passwords.
> > >
> > > To minimise stress, I let a tool generate my passwords (pwgen).
> > > Important ones are 16 char (disk & backup encryption, bank account
> > > key armor, etc.), less important ones (e.g. local login) just 8.
> >
> > Let me introduce you to my bank: they reduced the maximum 20 chars
> > to 16 and did not allow some special chars such as "!" and ".".
> > Mind you, I feel much more secure - 3FA is used :).
>
> Three? Why not go all the way to 5FA [1]?
>
> Cheers
>
> [1] https://boingboing.net/2005/09/14/gillettes-5blade-raz.html
>     (not linking to the original Onion because their Javascript
>     doesn't want to play with me)

With MFA in play, does it really matter whether a password is strong
and unique? The only thing in this situation it now appears to do is
authorise a phone call or email.

-- 
Brian.

