@Homebrewandhacking @bitwarden @1password

You’re right – you have no control over the password policies for third-party services. So with that in mind, let me introduce you to a concept I debuted last summer called #PasswordNihilism .

Password nihilism is understanding that sites have shit complexity requirements and shit password storage, and then not giving a shit because you recognize that none of it matters. Max 8 characters? Doesn’t matter, don’t care. Plaintext storage? Doesn’t matter, don’t care.

Why doesn’t it matter, and why should you not care? Because out of all the attributes a password can have (length, complexity, uniqueness, randomness, etc.), the only one that actually matters is uniqueness. And by “matters”, I mean “actually defends against threats in the overall threat model for password security.”

So, as long as you’re using a password manager to generate and store unique passwords for each site, you too can be a password nihilist!
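To make the argument concrete, here is a small Python model I've added (it is not code from the original post or from any password manager): a hypothetical vault that generates a fresh random password per site, honours a site's maximum-length policy when it has one, and then simulates what an attacker does with a plaintext dump from one site, namely replay the leaked password everywhere else. With unique passwords the replay lands nothing, whatever the breached site's length cap or storage looked like; with a reused password it lands everywhere.

```python
import secrets
import string

# Character set for generated passwords; every symbol is drawn with secrets.choice,
# which uses the OS CSPRNG rather than the predictable random module.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(max_len=None, min_len=16, alphabet=ALPHABET):
    """Generate a random password, shrinking to a site's maximum length if it imposes one.

    A short cap (e.g. 8) is a bad policy, but a manager just works within it:
    the password is still random and still unique to that site.
    """
    length = min_len if max_len is None else min(min_len, max_len)
    return "".join(secrets.choice(alphabet) for _ in range(length))


def build_vault(sites, max_len_policies=None):
    """Hypothetical vault model: one independently generated password per site.

    max_len_policies maps site -> maximum length for sites with a length cap.
    """
    max_len_policies = max_len_policies or {}
    return {site: generate_password(max_len=max_len_policies.get(site)) for site in sites}


def reused_passwords(vault):
    """Return {password: [sites]} for every password shared by two or more sites.

    An empty dict means the vault satisfies the one property the post says matters.
    """
    by_password = {}
    for site, password in vault.items():
        by_password.setdefault(password, []).append(site)
    return {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}


def stuffing_hits(vault, breached_site):
    """Simulate credential stuffing after breached_site leaks its password (plaintext or cracked).

    The attacker replays that one password against every other site; the result is the
    list of sites where it works. Uniqueness is the only attribute that changes this list.
    """
    leaked = vault[breached_site]
    return sorted(site for site, pw in vault.items() if site != breached_site and pw == leaked)


if __name__ == "__main__":
    sites = ["bank", "forum", "webshop"]
    # Constructed policy: the forum caps passwords at 8 characters.
    unique_vault = build_vault(sites, {"forum": 8})
    print("forum password length:", len(unique_vault["forum"]))
    print("reused in unique vault:", reused_passwords(unique_vault))
    print("stuffing hits after forum breach:", stuffing_hits(unique_vault, "forum"))

    # Constructed counterexample: the same human-chosen password everywhere.
    reused_vault = {site: "Winter2023!" for site in sites}
    print("reused in reused vault:", reused_passwords(reused_vault))
    print("stuffing hits after forum breach:", stuffing_hits(reused_vault, "forum"))
```

The `reused_passwords` check is the audit worth running against a real vault export: it flags exactly the accounts that a single third-party breach would take down together.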

If you’d like to learn more about password nihilism, check out:

This interview with @thorsheim:
https://www.youtube.com/watch?v=mJkGom-bngs

And this interview with @todb:
https://open.spotify.com/episode/62kyiCbX8vsx74n94dAT1C

@epixoip
