this post was submitted on 22 Jan 2024
121 points (66.5% liked)

Firefox


A place to discuss the news and latest developments on the open-source browser Firefox

[–] ShadowFox@lemmy.blahaj.zone 10 points 9 months ago (3 children)

Now that is a long password lol

[–] Serz@beehaw.org 5 points 9 months ago (1 children)

Idk someone could probably brute force it in only a few trillion years, I'd make it longer if you plan to be using Twitch long-term.

[–] thingsiplay@beehaw.org 3 points 9 months ago (2 children)

You assume the person would never change the password. Someone with that long a password is probably security concerned and is likely to change it after some time, even if it's once in a year.

[–] Serz@beehaw.org 2 points 9 months ago (1 children)

Yeah but you'd have to write it across like, 10 post-it notes along the top of your monitor. That'd get expensive!

[–] Midnitte@beehaw.org 3 points 9 months ago

Or just use a password manager. Then you only need to store one password across 15 post-it notes.

[–] library_napper@monyet.cc 1 points 9 months ago (1 children)

NIST does not recommend changing passwords. It's usually a bad practice.

[–] thingsiplay@beehaw.org 1 points 9 months ago (1 children)

Why is changing passwords bad practice? What is the reasoning behind this? Changing passwords is highly recommended. There are many reasons why one should do this. Found this article: https://www.linkedin.com/pulse/why-passwords-must-periodically-changed-roger-grimes and don't agree. The argumentation seems as if you have to remember all passwords, but totally ignores password managers.

[–] library_napper@monyet.cc 1 points 9 months ago (1 children)

NIST used to tell orgs to require password rotation. Some years ago they changed their recommendation with an explanation that it adds no security benefits while it encourages users to write down or use shittier passwords.

[–] thingsiplay@beehaw.org 1 points 9 months ago

Yes, as I said, that is with the assumption that people do not use a password manager and get lazy. Then I can see this argument being true. But with such long and complicated random passwords on many different services (like I do), it's expected to use password managers and only remember a single password. Therefore this is the preferred method over bad passwords, which are not changed frequently, as the NIST recommends. I do not agree with that.

[–] Asudox@lemmy.world 4 points 9 months ago (1 children)

Yup, most of my passwords are like 30 characters, and I don't remember any of them except the one to unlock my password manager (and a couple other important ones).

[–] library_napper@monyet.cc 1 points 9 months ago

If your password doesn't overflow the input field, it's not long enough