![]() ![]() If you can't trust an open-source application managed by a reputable non-profit, then you definitely can't trust your operating system either, in which case it is better to not have a smartphone at all. Locally Firefox encrypts those passwords using a " Master password" you have to set and which never gets transmitted.Īnd any password manager can "snarf your password", all it takes is a targeted update, which on present day mobile devices will be automatic. If you're talking about the Firefox Sync password, it's being derived and what Mozilla gets is not your password. > its password store is secured by your password, which Mozilla can snarf if they wish, or are compelled to do Or for your operating system for that matter. Having a unique, strong password for every online account you have is not a task for your browser to handle. That alone gives you sufficient entropy to beat brute force attacks and isolation of your other accounts from a single site leaking your password from their end. I think the bigger win of using a password manager is being able to use different random passwords for each site, rather than using particularly long ones. I expect you'd reach a number beyond all economic activity on Earth before you hit 100 characters, 15 probably exceeds most people's net worth, and 8 characters probably suffice for the majority of sites requiring a password. Drop a couple orders of magnitude if you want to err on the safe side (or adjust Y). That would be the maximum value that this password format would be sensible to protect. Then, you could convert the CPU cycles to an estimated opportunity cost to crack that password. ![]() In other words, you could probably calculate that a given password format (say, 8 random characters with about 70 possible values each) would require X CPU cycles, with Y% certainty. I wonder if anyone has a formula to convert estimated $ loss if a password is cracked to a suggested level of password entropy.
0 Comments
Leave a Reply. |