How strong a password/passphrase for a password manager should be?

mmmm

Phead I do agree, it's a ball ache, especially to type on a smartphone. Four words is definitely more secure than anything most people choose, but I don't believe in replacing one bad practice with another.

E24

I feel like between 8 and 12 characters is solid and is generally recommended for secriruty. I use bitwarden and my password is 14

mmmm

E24 8 characters is absolutely not enough for a database. Bitwarden themselves suggest at least 14 random characters, and suggest 16 or more to be sure. 8 has the potential to be cracked in a matter of hours.

Obviously it depends on where your password is stored, and any other circumstances by which may alter the variables.

Best practices are :

16 + for random character passwords
(https://bitwarden.com/blog/how-long-should-my-password-be/)

6 + words diceware. (https://ssd.eff.org/module/creating-strong-passwords)

Again, it really depends on other factors, but someone asking ‘how long should a password or a passphrase be for a password manager’, and giving no other information, it must assumed to offer at least what most security experts suggest.

« Previous Page