How Long Is Your Master Password or Passphrase?

• 

  railspider on 28/04/2017 - 09:09

  +4

  hunter2

• 

  [Deactivated] on 28/04/2017 - 09:20

  +1

  password1!

• 

  iforgotmysocks on 28/04/2017 - 09:35

  +2

  Ozbargain password used to be anybargains but have since increased to arethereanybargainspriceintitlestoreintitle.

• 

  coyney on 28/04/2017 - 09:44

  Asking how long is your password, is like asking how long your e-peen is.
  Using your 'Master' password on multiple sites would put you at risk no matter how many characters it contains.

  • 

    iamw0man on 28/04/2017 - 09:48

    +5

    I use the master password to log into my password manager. Everything else is randomly generated.

• 

  dylanando on 28/04/2017 - 09:49

  im on 21 characters and building daily

• 

  Euphemistic on 28/04/2017 - 10:18

  Takes me 12 mins to type it in.

• 

  Looking4Bargians on 28/04/2017 - 10:38

  +1

  It's a secret … yes that's the password

• 

  CyberMurning on 28/04/2017 - 10:58

  damn now i realised i dont remember my lastpass password anymore!
  doh i really wish we all have chip inserted on our arm or head and the computer can read it - no more password

  • 

    firstworldproblems on 28/04/2017 - 11:48

    +1

    until then: consider getting yourself a yubikey neo.

    • 

      shaybisc on 28/04/2017 - 17:51

      i've got one but so far it's of limited utility- not many of the things I use have it as their 2FA. LastPass and Google only so far.

      • 

        firstworldproblems on 30/04/2017 - 03:30

        +1

        you seem to suffer the same misperception i had when i first got mine:

        1. can use one of the slots for an ultra-long static password, perhaps your master password for lastpass. i used to do this to decrypt my bitlocker drives in windows.

        2. if you utilise PGP encryption, you can encode your private key into the yubikey and essentially use it as a smart card for both PGP and SSH authentication (but only up to 2048 bits)

        3. the NEO also comes with NDEF, which is compatible with NFC readers on smart phones. with a little fiddling, you can configure it to output a static password to your phone's clipboard.

        4. there's a new protocol similar that's come out called Y2F (google pushed for it) — it's already supported in chrome, and there's a plugin for firefox. not much uptake just yet, but will be commonplace soon.

        5. the best use i've read of so far is configuring the yubikey to act as your actual google 2FA secret. rather than running google authenticator, you have a simple script configured to read it, generate your token, then copy it to your clipboard. the beauty here is that although you need a premium subscription to use the yubikey with lastpass, support for google 2FA is actually free. premium security without the subscription fees.

        mind you, i still haven't settled how it is that i intend to use it, but it sure as hell has a lot of possibilities.

      • 

        shaybisc on 30/04/2017 - 12:11

        @firstworldproblems:

        Thanks for the tips.

      • 

        airzone on 07/05/2017 - 12:29

        Probably won't help you, however I buy them at work, reprogram them with my own keys, and use them for 2FA in lots of work things - primarily through radius.

• 

  PJC on 28/04/2017 - 11:55

  admin

• 

  Skramit on 28/04/2017 - 12:33

  180k

• 

  modsec802 on 28/04/2017 - 22:10

  4 unrelated words. Easy to remember. Hard to guess.

  See: https://xkcd.com/936/

• 

  katekate1 on 04/05/2017 - 23:01

  10alphabet, with 2 cap locks, and 3 numerics.

• 

  airzone on 07/05/2017 - 12:30

  supercalifragilisticexpialidocious

• 

  Archi on 08/05/2017 - 16:41

  if I tell you, i'll have to kill you.