Yup I think mine is secure
2FA seems to be the way to go, Amazon is probably one of the biggest targets on the internet, I like their security, very long passwords and 2FA. Loads of sites crap out at 8+ characters, can't take special characters but that's probably a good sign your data isn't secure!
I'm still pretty certain my password which equals Pa$$word is still pretty secure.
Good point about the length and special characters but I would not praise Amazon since they will sell your PII to anyone if the price is right. Don't trust globalists, especially those touting how secure and private they are.
Long and complex PWs take up storage and compute cycles that may seem trivial but multiplied by millions upon millions it adds up.
Amazon is the anti-christ however I'm addicted, other UK e-shop websites are horrible to use. I'm sure they are making money off me but they do offer 2FA which I haven't seen on any other e-shop site I use.
You're right about storage but really, a 256 character password is no difference to me as I use a password manager, if the cost of implementing long passwords for companies is too expensive they should be out of business. However, I just think they have implemented shorter passwords for their ease.
Yup, their ease and wallet. PW manager is the way to go, shame the U.K. has few options for you.
You guys run Bitwarden or something else?
Went from KeePass to KeePassXC as it includes 2FA, when I looked at Bitwarden it included 2FA for the paid version.
@neogrid. I run bitwarden_rs server at home - wasn't aware that 2FA was a "premium" or paid feature. The rs implementation gives you all the premium stuff. Thanks for mentioning KeePassXC. Prior to BW was using just KeePass. Dumb me wasn't aware that the project forked.
Hmm, looking at their pricing you have to pay for 2FA (ok not so expensive but these are lean times), that is the Authenticator for other sites/applications not the Bitwarden application itself. Maybe it's also a premium feature.
I'm from the last century so I still use a laptop, keeping the authenticator with the password manager is easier, I previously used Authy on my phone but I don't trust my phone.
passwords vs passphrases
If you use a password, then the game of cracking is guess the word
If you use a passphrase, the game becomes cracking the phrase
If you use a passphrase with high entropy, the game becomes much harder for the cracker
Example
- Password = corvette
- Passphrase = red2016corvette
- Passphrase with entropy = sixteencorvettefiresrocks
- High entropy passphrases = {sixteen#corvette&!fire@23rocks;
That's all great but I use Axa insurance, they have 8 character maximum and do not allow special characters, do not have 2FA obviously. Only discovered this after paying for my policy.
Evidently most companies are not concerned about customer security until they are in the press.
Will give points to Amazon, with 64 char and 2FA, that will be pretty difficult to crack.
password1 is not secured?
LeL
Oooof that password storage system is from the 1970s. Is it based on potato?
Neither is GOD, Admin, LAGNAF, Sex123, BOSS, Owner, qwerty, 123456789 or 987654321
Who told you my password is "secure"?
Most of my systems that I log into (banks, financial…) only give you 5 tries at the password then you need to go through the reset process. This would be a RED flag when I would try to log in (after the attempts) the auto response is that I have used my 5 login attempts and that I need to reset my password. I guess I could calculate how long it would take to crack my password with only 5 attempts each time. I am also in the process of trying to implement this into my IoT Pi/Arduino projects.
Well, if it can guess 100 million per second, then no password is secure. So what's the damn point?
By the way, I despise 2FA. I use it. But I hate it with a passion. Every time I try to login somewhere I have to stop, get my phone, wait for the stupid text, yada yada yada. But theoretically, if it is trying 100 Million per second, how long before they crack the stupid 2FA system?
And those saying they use Bitwarden… how is that any more secure? All it does is remember your passwords so you don't have to. Bad passwords are still bad passwords.
The real security would be to lock accounts after 5 bad attempts. The chances of a guess in the first five attempts is virtually zero.
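The five-attempt lockout described in the posts above, sketched as an added example that is not code from any poster or product mentioned in the thread. The class and function names, the 15-minute timed lockout (instead of a manual reset) and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 5            # from the thread: five tries, then locked
LOCKOUT_SECONDS = 15 * 60   # assumption: timed lockout instead of a manual reset


class LoginLimiter:
    """Single-account password check with a failed-attempt lockout."""

    def __init__(self, password, clock=time.monotonic):
        self._salt = os.urandom(16)
        self._hash = self._derive(password)
        self._clock = clock
        self._failures = 0
        self._locked_until = float("-inf")

    def _derive(self, password):
        # Store a salted, slow hash rather than the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def try_login(self, candidate):
        now = self._clock()
        if now < self._locked_until:
            return "locked"          # refused without checking the password at all
        if hmac.compare_digest(self._derive(candidate), self._hash):
            self._failures = 0
            return "ok"
        self._failures += 1
        if self._failures >= MAX_ATTEMPTS:
            self._locked_until = now + LOCKOUT_SECONDS
            self._failures = 0
            return "locked"
        return "denied"


def years_to_exhaust(entropy_bits, attempts=MAX_ATTEMPTS, lockout=LOCKOUT_SECONDS):
    """Worst-case years to try every password when each batch costs one lockout."""
    windows = (2 ** entropy_bits) / attempts
    return windows * lockout / (365.25 * 24 * 3600)
```

A lockout only limits online guessing against the login form; it does nothing once the stored hashes have been stolen and can be attacked offline. It also lets anyone who knows the account name lock the owner out, so it is usually combined with per-source throttling.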
Well your password has 38 bits of entropy, giving it a maximum number of guesses of about 275 billion, assuming a simple brute force attempt, so 100 billion guesses per second isn't really all that useful except for hacking pretty terrible passwords like your example. You could simply use "Pa$$wordPa$$word" as a password and it'll take such a computer up to 65,000 years to brute force it.
As password managers and password generators become more common the idea that any password can be hacked in a traditional manner is pretty comical. Password entropy grows much faster than CPU/GPU technology ever can.
On a side note services that define a maximum password length enrage me.
Some BIG (well in our scale of things) online shopping companies over here still refuse to even implement 2FA… A lot of scamming is going on there and a lot of people are being victimized… It's pretty unbelievable… Even your average Joe is a very nice target as long as these companies refuse to get their affairs in order… Get their login and the damage is done…
I mean order things in the magnitude of thousands of dollars in someone else's name… Pick up the goods and let the victim pay… sjeez… While typing this I am still amazed this is still happening today.