You Should Know
YSK - for all the things that can make your life easier!
The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:
Rules (interactive)
Rule 1- All posts must begin with YSK.
All posts must begin with YSK. If you're a Mastodon user, then include YSK after @youshouldknow. This is a community to share tips and tricks that will help you improve your life.
Rule 2- Your post body text must include the reason "Why" YSK:
**In your post's text body, you must include the reason "Why" YSK: It’s helpful for readability, and informs readers about the importance of the content. **
Rule 3- Do not seek mental, medical and professional help here.
Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.
Rule 4- No self promotion or upvote-farming of any kind.
That's it.
Rule 5- No baiting or sealioning or promoting an agenda.
Posts and comments which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.
Rule 6- Regarding non-YSK posts.
Provided it is about the community itself, you may post non-YSK posts using the [META] tag on your post title.
Rule 7- You can't harass or disturb other members.
If you harass or discriminate against any individual member, you will be removed.
If you are a member, sympathizer or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people and you were provably vocal about your hate, then you will be banned on sight.
For further explanation, clarification and feedback about this rule, you may follow this link.
Rule 8- All comments should try to stay relevant to their parent content.
Rule 9- Reposts from other platforms are not allowed.
Let everyone have their own content.
Rule 10- The majority of bots aren't allowed to participate here.
Unless included in our Whitelist for Bots, your bot will not be allowed to participate in this community. To have your bot whitelisted, please contact the moderators for a short review.
Partnered Communities:
You can view our partnered communities list by following this link. To partner with our community and be included, you are free to message the moderators or comment on a pinned post.
Community Moderation
For inquiry on becoming a moderator of this community, you may comment on the pinned post of the time, or simply shoot a message to the current moderators.
Credits
Our icon(masterpiece) was made by @clen15!
view the rest of the comments
That's like saying that only using high security locks with various security pins in them to protect your house is a bad idea, and you should throw in some secured with padlocks too just to change things up.
And if some of them are shitty masterlocks, well, you're changing things up.
That's really not how security works.
Yes, pass phrases can have large amounts of entropy attached. But unless you are picking your pass phrases truly randomly, with a large dictionary, and using unique pass phrases per site, and the sites are not silently truncating the password input (such as bcrypt which truncates to 72 bytes), you are not actually getting that large amount of entropy.
Where as a 16 character password that randomly uses the ASCII printable range, excluding spaces, gives you 93^16 possible combinations. That's 31313180170800116587336013460801 passwords.
Or, very roughly, 104.6 bits of entropy. (104.6265409777285022441578006899739 bits of entropy if you want to be downright absurd about it.)
Knowing that you're doing that simply doesn't help the attacker in any meaningful way.
Bumping that to 20 characters gives you over 130 bits of entropy, or 2342388736625917052139104541473924426001 possible combinations.
This is quite simply not a viable attack surface.
Where as saying 'use pass phrases for some things' means that it is quite likely that some of your pass phrases are going to be much less secure than this.
But let's give the same numbers for properly generated random passphrases.
The xkcdpass utility can help us here.
Even picking entirely randomly, out of a large word list of 7227 words, a 6 word pass phrase only gives roughly 76 bits of entropy.
Going up to 8 words gives us roughly 102 bits of entropy, that helps a ton... Except that some of those passphrases are going to be longer than 72 bytes. So you're almost certainly losing bits of entropy.
That best case still gives you fewer bits of entropy than a 20 character randomly generated password. Unless you're trying to memorize your password, there are no benefits to alternating between randomly generated passwords with good generation settings and passphrases.
And if you're trying to memorize your passwords, you are definitely doing it wrong.