In password security, the longer the better. With a password manager, using more than 24 characters is simple. Unless, of course, the secure password is not accepted due to its length. (In this case, through STOVE.)

This possibly indicates cleartext storage in a limited field (which is an absolute no-go), or suboptimal or lacking security practices.

  • baltakatei
    7 days ago

    In my opinion, an acceptable password length should be L in ln(alphabetSize^L)/ln(2) = (B bits of entropy). For a Bech32 character set (since it excludes ambiguous characters), alphabetSize = 32. A good password should have between 96 and 256 bits of entropy, with 128 bits being my personal preference. This means L = (B)*ln(2)/ln(alphabetSize) = 128*ln(2)/ln(32) = 25.6 = 26 characters.

    That’s… pretty close to what OP said they were restricted to, so maybe the person who set the 24 character restriction used a similar methodology.

    • SanguinePar
      57 days ago

      26 characters? Perfect!

      abcdefghijklmnopqrstuvwxyz it is! And I’ll use it for everything!

      • @[email protected]
        37 days ago

        That would suck to enter. Much better to do qwertyuiopasdfhhjklzxcvbnm

        Or if you are cool: pyfgcrlaoeuidhnnsjkxbmwvq
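
The length formula from baltakatei's comment and the storage point from the original post, as an added example that is not part of the thread: it sizes a random Bech32-alphabet password for a target entropy, then shows that a salted hash yields the same stored size whatever the password length. The function names, PBKDF2-HMAC-SHA256 and the iteration count are assumptions of this example.

```python
import hashlib
import hmac
import math
import secrets

# Bech32 data character set (32 symbols; omits "1", "b", "i", "o").
BECH32 = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def min_length(bits, alphabet_size):
    """Smallest L with L * log2(alphabet_size) >= bits."""
    return math.ceil(bits / math.log2(alphabet_size))


def generate(bits=128, alphabet=BECH32):
    """Uniformly random password carrying at least `bits` of entropy."""
    n = min_length(bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(n))


def hash_password(password, salt=None):
    """Return (salt, digest); the digest is 32 bytes for any input length."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify(password, salt, digest):
    """Recompute the hash and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


if __name__ == "__main__":
    for bits in (96, 128, 256):
        pw = generate(bits)
        salt, digest = hash_password(pw)
        print(f"{bits} bits -> {len(pw)} chars -> {len(digest)}-byte stored digest")
```

The entropy figure holds only for passwords drawn uniformly at random, as `generate` does; a fixed 26-letter string such as the alphabet in order carries none of it.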