this post was submitted on 18 Sep 2023
87 points (89.9% liked)
Technology
58303 readers
17 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Still fairly new to the world of computer security myself, so anyone can feel free to correct me of course, but basically;
While adding capitals, lowercase, numbers, etc does make the password more complex, it also makes it harder for the average user to remember. This means that many users reuse the same password across multiple sites/platforms. Or they use shorter passwords with common tricks like Pa$$word1. That checks all the requirements for a "secure" password but it really isn't. Hackers know that people use $ in place of S, people often use some variation of "password" in their password, and the number is usually a 1 or something easily guessable like the year they were born.
So the more up to date recommendation is to use a long and strong password (like at least 12 characters long), or a password manager and 2FA.
I think “password” is the wrong word for it. “Passphrase” encourages people to make it longer, like a few words, and length beats special characters any day.