chinpokomon

joined 2 years ago
[–] chinpokomon@lemmy.ml 10 points 1 year ago

Someone on Reddit once thought I was a bot because I use proper grammar. 12 years of comment history would have demonstrated otherwise, but it wasn't a battle worth fighting.

[–] chinpokomon@lemmy.ml 36 points 1 year ago* (last edited 1 year ago) (6 children)

That's one way it is weaker, but moreso because it reduces the entropy. If a user can provide a password which uses 26 letters, upper and lowercase, 10 numbers, and an unrestricted set of symbols, but for the sake of argument we'll say 10, then there are a lot of possible combinations. If you are limited to only 12 possible at max, it is 46^12. Now you impose an artificial requirement that it is one of each, then it actually weakens that further by making the hacker know that there is one of each in there so it is 2626101046^8. Or roughly 910^19 vs. 1.3610^18. I personally try to use passwords which are between 16-20 characters long, or roughly 2*10^33. By restricting the total number of characters and forcing specific combinations, then the password is less cryptographically sound.

Using this calculator, https://bitwarden.com/password-strength/, it is a difference of 3 hours vs. centuries using the bank's mandate vs. only lowercase and 20 characters.

Edit: Something seemed off about the math. Should have multiplied instead of added, but still less sound secure because there are imposed requirements. The biggest issue is that there is an upper limit of 12 characters.

[–] chinpokomon@lemmy.ml 2 points 1 year ago

As a general rule of precaution, don't follow links in the email. Instead go to the website directly, maybe from a private or incognito instance, and reset it directly. If the email is valid, you're doing the same thing and if it wasn't you aren't drawing attention to anyone else.

[–] chinpokomon@lemmy.ml 2 points 1 year ago

Calckey surprised me. There are many different sites out there right now which has me more favorable about the future than I've been recently.