10 chars, no special characters and that’s it

Just tell me that you want to have access to my videos and be done with it

  • borari@sh.itjust.works
    link
    fedilink
    arrow-up
    2
    ·
    edit-2
    1 year ago

    Yeah, that’s not optimal. My single-sourced, non-verified quick Google search tells me that brute forcing a 10-char password of lower case letters only would be instant, subbing out one char for an upper-case letter would increase to one month, and subbing out another char for a number raises that to 6 years. Simply allowing for a special char would take 50 years.

    That’s assuming the password is truly random. Use a dictionary with some rule sets, and make some assumptions like people will probably just append a number to the end of their password, and you’ll knock those times down drastically.

    There’s no excuse for not allowing your users to use safe passwords.