In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)

Possibly indicating cleartext storage of a limited field (which is an absolute no-go), or suboptimal or lacking security practices.

  • baltakatei
    5
    2 months ago

    In my opinion, an acceptable password length should be L in ln(alphabetSize^L)/ln(2) = (B bits of entropy). For a Bech32 character set (since it excludes ambiguous characters), alphabetSize = 32. A good password should have between 96 and 256 bits of entropy, with 128 bits being my personal preference. This means L = (B)*ln(2)/ln(alphabetSize) = 128*ln(2)/ln(32) = 25.6 = 26 characters.

    That’s… pretty close to what OP said they were restricted to, so maybe the person who set the 24 character restriction used a similar methodology.

    • SanguinePar
      52 months ago

      26 characters? Perfect!

      abcdefghijklmnopqrstuvwxyz it is! And I’ll use it for everything!

      • @[email protected]
        32 months ago

        That would suck to enter. Much better to do qwertyuiopasdfhhjklzxcvbnm

        Or if you are cool: pyfgcrlaoeuidhnnsjkxbmwvq
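
Added example, not part of the thread: the entropy formula from baltakatei's comment applied against a site length cap such as the 24 characters mentioned in the post. The function names and the 94-character printable alphabet are assumptions made for illustration.

```python
import math
import secrets
import string

# Bech32 data alphabet (BIP-173): 32 characters, omitting "1", "b", "i" and "o".
BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
# 94 printable ASCII characters, a common password-manager alphabet.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(length, alphabet_size):
    """B = L * log2(alphabetSize). Holds only when every character is
    drawn uniformly at random; a fixed pattern like the alphabet in
    order has none of this entropy."""
    return length * math.log2(alphabet_size)


def required_length(bits, alphabet_size):
    """Smallest L such that L * log2(alphabetSize) >= bits."""
    return math.ceil(bits / math.log2(alphabet_size))


def generate(bits=128, alphabet=BECH32, max_len=None):
    """Random password of at least `bits` entropy, or ValueError if the
    site's length cap (max_len) makes that target unreachable."""
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("alphabet contains duplicate characters")
    length = required_length(bits, len(alphabet))
    if max_len is not None and length > max_len:
        best = entropy_bits(max_len, len(alphabet))
        raise ValueError(
            f"{bits} bits needs {length} chars; cap of {max_len} allows {best:.1f} bits"
        )
    # secrets uses the OS CSPRNG; random.choice would not be suitable here.
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    print(required_length(128, len(BECH32)))       # length for 128 bits, Bech32
    print(entropy_bits(24, len(BECH32)))           # what a 24-char cap allows
    print(generate(128, PRINTABLE, max_len=24))    # fits under the cap
```

With the 32-character alphabet a 24-character cap falls short of the 128-bit target, while the 94-character alphabet reaches it in fewer characters than the cap.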