I have a new very long password. Recently there was a data breach where I work- and, to much of my surprise, most of my game accounts and one of my credit cards have been infiltrated and the passwords there have been changed due to my accounts being "sold" by others who have gained the password.
Coming on to change my password, my password is way above the max amount of password characters. It's easily understandable if this isn't possible, but I'd really love to be able to change my password to something really long and not easily breached by family members sharing this computer with me or others who have gained access to my accounts.
TL;DR Got hacked on other accs. The regular amount is max. 30, possible to up it to around 40?
I have a new very long password. Recently there was a data breach where I work- and, to much of my surprise, most of my game accounts and one of my credit cards have been infiltrated and the passwords there have been changed due to my accounts being "sold" by others who have gained the password.
Coming on to change my password, my password is way above the max amount of password characters. It's easily understandable if this isn't possible, but I'd really love to be able to change my password to something really long and not easily breached by family members sharing this computer with me or others who have gained access to my accounts.
TL;DR Got hacked on other accs. The regular amount is max. 30, possible to up it to around 40?
Longer passwords aren't necessarily any safer, its complexity that's the key. Capitals, numbers, and even special letters (if allowed) may suit you without having to resort to 40 letters!
Honestly though, if people want to have a 40-character password I wouldn't be against it.
Longer passwords aren't necessarily any safer, its complexity that's the key. Capitals, numbers, and even special letters (if allowed) may suit you without having to resort to 40 letters!
Honestly though, if people want to have a 40-character password I wouldn't be against it.
@
Nineteen
While it's less important when we're talking 30 characters vs 40, 'special characters are better than length' in the general sense is a risky and incorrect assumption that leads people to use something like P4ssw0rd as their password (check out the most common passwords of the year sometime - they're based on mass leaks like the hundreds of thousands of Adobe passwords).
The first things to check are the following:
Avoid actual phrases (trustno1) is a good/bad example
Avoid anything related to you, your family, your pets etc
Avoid sequences of numbers or letters on a keyboard
Avoid using the same password across multiple sites but particularly across multiple levels of importance (petsite < email < banking)
If you skip those, your password cannot be socially engineered.
From there, brute-forcing, dictionary attacks, or the website messing up is the only way of getting your password... and the longer your password is, the harder it is to brute force. Adding capitals, numbers and punctuation helps but nowhere near the effect of simply more characters, and long human-readable passwords are easier to remember (and therefore less likely to end up written down) than shorter complex ones.
XKCD had a good comic (or two) about this a little while back.
(edited for clarity and caveats)
@
Nineteen
While it's less important when we're talking 30 characters vs 40, 'special characters are better than length' in the general sense is a risky and incorrect assumption that leads people to use something like P4ssw0rd as their password (check out the most common passwords of the year sometime - they're based on mass leaks like the hundreds of thousands of Adobe passwords).
The first things to check are the following:
Avoid actual phrases (trustno1) is a good/bad example
Avoid anything related to you, your family, your pets etc
Avoid sequences of numbers or letters on a keyboard
Avoid using the same password across multiple sites but particularly across multiple levels of importance (petsite < email < banking)
If you skip those, your password cannot be socially engineered.
From there, brute-forcing, dictionary attacks, or the website messing up is the only way of getting your password... and the longer your password is, the harder it is to brute force. Adding capitals, numbers and punctuation helps but nowhere near the effect of simply more characters, and long human-readable passwords are easier to remember (and therefore less likely to end up written down) than shorter complex ones.
XKCD had a good comic (or two) about this a little while back.
(edited for clarity and caveats)
I feel like 30 characters is enough as it is. Long passwords don't guarantee safety, intricate and complex ones do.
I feel like 30 characters is enough as it is. Long passwords don't guarantee safety, intricate and complex ones do.
@
DinoGirl500
See my post above - if anything, intricate and complex ones are more risky from a social-engineering point of view (which is how most people's passwords are compromised apart from big company hacks... which usually occur because of social engineering).
tldr; longer passwords are harder to crack than shorter more complex ones for the same level of social-engineering-proofness because computers don't care what characters you use, but every extra one creates ~40x the possible combinations.
@
DinoGirl500
See my post above - if anything, intricate and complex ones are more risky from a social-engineering point of view (which is how most people's passwords are compromised apart from big company hacks... which usually occur because of social engineering).
tldr; longer passwords are harder to crack than shorter more complex ones for the same level of social-engineering-proofness because computers don't care what characters you use, but every extra one creates ~40x the possible combinations.
This seems reasonable to me.
Also, I'm sorry you got hacked, that's so infuriating.
This seems reasonable to me.
Also, I'm sorry you got hacked, that's so infuriating.
