This is not a conspiracy; it is safer to have a less complicated but longer password that is composed of a few random and unassociated words (that you can remember) than to have something more complicated but shorter. This is because if anyone IS trying to brute force rather than use more finesse (methods which mostly_bots detailed which don't vary in success based on password complexity), they will take much longer to access the longer password, and you can have a password like that live in your head much more easily than a bunch of random characters which you'd probably have to save in a password manager.
The goal of demonizing passwords over the last 10 years has been about promoting biometrics but sure, tell me how suddenly we went from being forced into 12+ characters, one special, one capital... to nah, it's fine. Yes brute force does not exist and yes 95% of all hacking is social engineering, but prevention of brute force IS BECAUSE OF TOUGH PASSWORDS. It should not be birthdates, names, password123, hometown, pets... because brute comes in degrees.
There are a couple of issues because password protected services are not the same.
Your Gmail password doesn't need to be crazy complicated because you can't try to brute force it. Web-based services are rate limited so it takes too long to brute force it.
The RockYou2024 password list contains 9,948,575,739 different passwords. Do you think yours are in there?
My Instagram / GitHub / others are 2FA using an authenticator app.
It is relatively simple to add something like Duo authentication to your web service.
Whereas your hard drive / other file encryption passwords can be brute forced. And you can spin up 100 instances on AWS to do it.
If you need a password app, or use Google passwords because you randomly generate a password you're not able to memorize... That headline makes sense.
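An added worked example, not written by any commenter in this thread: it puts numbers on the points argued above by comparing randomly chosen word passphrases with random character strings, under a rate-limited online login and under offline guessing on 100 instances. The wordlist size, guess rates and the tiny corpus are assumptions constructed for illustration.

```python
import math

# All sizes and rates below are assumptions chosen for illustration.
WORDLIST_SIZE = 7776             # assumed: a diceware-style list of words
PRINTABLE_CHARS = 94             # printable ASCII characters, excluding space
ONLINE_GUESSES_PER_SEC = 10      # assumed: a rate-limited web login
OFFLINE_GUESSES_PER_SEC = 1e6    # assumed: one instance against a slow KDF
INSTANCES = 100                  # the "100 instances" mentioned in the thread

# Constructed stand-in for a leaked-password / lyrics cracking corpus.
KNOWN_CORPUS = {"password123", "never gonna give you up", "letmein"}

def passphrase_bits(words, wordlist_size=WORDLIST_SIZE):
    """Entropy in bits of `words` words drawn uniformly at random."""
    return words * math.log2(wordlist_size)

def random_string_bits(length, charset=PRINTABLE_CHARS):
    """Entropy in bits of `length` characters drawn uniformly at random."""
    return length * math.log2(charset)

def years_to_search_half(bits, guesses_per_sec):
    """Expected time to find the secret (half the keyspace), in years."""
    return (2 ** bits / 2) / guesses_per_sec / (365.25 * 24 * 3600)

def effective_bits(secret, nominal_bits, corpus=KNOWN_CORPUS):
    """A secret already in a cracking corpus is found by list lookup, so
    its nominal entropy does not apply; it is capped at the corpus size."""
    if secret.lower() in corpus:
        return math.log2(len(corpus))
    return nominal_bits

def compare():
    """Return {label: (bits, years online, years offline on all instances)}."""
    rows = {}
    for name, bits in (("4 random words", passphrase_bits(4)),
                       ("5 random words", passphrase_bits(5)),
                       ("8 random chars", random_string_bits(8)),
                       ("12 random chars", random_string_bits(12))):
        rows[name] = (round(bits, 1),
                      years_to_search_half(bits, ONLINE_GUESSES_PER_SEC),
                      years_to_search_half(bits, OFFLINE_GUESSES_PER_SEC * INSTANCES))
    return rows

if __name__ == "__main__":
    for name, (bits, online, offline) in compare().items():
        print(f"{name:16} {bits:5} bits  online {online:.3g} y  offline {offline:.3g} y")
```

The entropy figures hold only when the words or characters are picked at random; a phrase that already appears in a corpus, such as a song lyric, is handled by `effective_bits` instead.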
Many people use song lyrics, and lyrics are part of the cracking corpus.