My boss asked me for some work account's password once. "I don't know," I said, "I don't know any of my passwords. I use a password manager and passwords that exceed 32 characters if possible."
My boss thought that was silly. Today, breaking a SHA-256-encoded hash for a 12-character password takes less than an hour.
Services that limit password length give away hints about their shoddy password hashing practices. Do not trust them.
Ænðr E. Feldstraw (aeveltstra@mastodon.social)'s status on Saturday, 20-Jul-2019 21:59:06 UTC. Christine Lemmer-Webber repeated this.