Turns out there are a lot of opinions about the best way to enforce password length/complexity... I am shocked(I am not, in fact, shocked)!
Here’s the model... 2FA all the things. Non-sms 2FA is better.
Passwords are simply not enough by themselves... those numbers in the chart that started this discussion come way down when a determined attacker decides to throw resources at it.
@thegibson if you have a computer that uses the lowest amount of energy possible, limited only by Boltzmann’s constant and the temperature of space, it would have to consume the mass-energy of the entire universe before guessing every possible combination a password with under 250 bits of entropy.
if you use a password manager, it’s not hard to generate passwords that will never be brute-forced.
A bunch of technomancers in the fediverse. Keep it fairly clean please. This arcology is for all who wash up upon it's digital shore.