I'm at 33 characters now. I used to use random numbers, letters and special characters. It was hard to make it too long or my memory would sometimes fail. I use diceware now so it's primarily whole words, i.e. a passphrase, with some numbers, special characters and upper case letters thrown in. It is surprisingly easy to remember.
How Long Is Your Master Password or Passphrase?
Comments
password1!
Ozbargain password used to be anybargains but have since increased to arethereanybargainspriceintitlestoreintitle.
Asking how long is your password, is like asking how long your e-peen is.
Using your 'Master' password on multiple sites would put you at risk no matter how many characters it contains.I use the master password to log into my password manager. Everything else is randomly generated.
im on 21 characters and building daily
Takes me 12 mins to type it in.
It's a secret … yes that's the password
damn now i realised i dont remember my lastpass password anymore!
doh i really wish we all have chip inserted on our arm or head and the computer can read it - no more passworduntil then: consider getting yourself a yubikey neo.
i've got one but so far it's of limited utility- not many of the things I use have it as their 2FA. LastPass and Google only so far.
you seem to suffer the same misperception i had when i first got mine:
can use one of the slots for an ultra-long static password, perhaps your master password for lastpass. i used to do this to decrypt my bitlocker drives in windows.
if you utilise PGP encryption, you can encode your private key into the yubikey and essentially use it as a smart card for both PGP and SSH authentication (but only up to 2048 bits)
the NEO also comes with NDEF, which is compatible with NFC readers on smart phones. with a little fiddling, you can configure it to output a static password to your phone's clipboard.
there's a new protocol similar that's come out called Y2F (google pushed for it) — it's already supported in chrome, and there's a plugin for firefox. not much uptake just yet, but will be commonplace soon.
the best use i've read of so far is configuring the yubikey to act as your actual google 2FA secret. rather than running google authenticator, you have a simple script configured to read it, generate your token, then copy it to your clipboard. the beauty here is that although you need a premium subscription to use the yubikey with lastpass, support for google 2FA is actually free. premium security without the subscription fees.
mind you, i still haven't settled how it is that i intend to use it, but it sure as hell has a lot of possibilities.
Thanks for the tips.
Probably won't help you, however I buy them at work, reprogram them with my own keys, and use them for 2FA in lots of work things - primarily through radius.
admin
180k
4 unrelated words. Easy to remember. Hard to guess.
10alphabet, with 2 cap locks, and 3 numerics.
supercalifragilisticexpialidocious
if I tell you, i'll have to kill you.
hunter2