Length is the most important thing, everything else is somewhat secondary. We should be shifting thinking of this to passphrases rather than passwords.
I’m sure most of us have seen the “correct horse battery staple” XKCD, but that’s what people really need to think of as passwords now, not my-favourite-celebrity-but-with-the-“e”-changed-to-“3”-and-an-exclamation-mark-at-the-end.
Nah fuck that. Sites need to adopt this passkeys instead. It’s an impossible task for people to have unique credentials for every site, even if they are “memorable”. This is a design issue not a personal responsibility one. When designing for large volumes of people, you have to assume that the majority will do something easy and stupid over difficult and smart.
Sites need to stop needing an account for everything. My haveibeenpwnd is full of sites that I can’t believe had my email in the first place. Obviously I gave it to them but like cmon
Length is the most important thing, everything else is somewhat secondary. We should be shifting thinking of this to passphrases rather than passwords.
I’m sure most of us have seen the “correct horse battery staple” XKCD, but that’s what people really need to think of as passwords now, not my-favourite-celebrity-but-with-the-“e”-changed-to-“3”-and-an-exclamation-mark-at-the-end.
Nah fuck that. Sites need to adopt this passkeys instead. It’s an impossible task for people to have unique credentials for every site, even if they are “memorable”. This is a design issue not a personal responsibility one. When designing for large volumes of people, you have to assume that the majority will do something easy and stupid over difficult and smart.
Sites need to stop needing an account for everything. My haveibeenpwnd is full of sites that I can’t believe had my email in the first place. Obviously I gave it to them but like cmon
Damn you my go-to password in the 2010’s was “P4nc4kes!”.