@Homebrewandhacking @bitwarden @1password
You’re right – you have no control over the password policies for third-party services. So with that in mind, let me introduce you to a concept I debuted last summer called #PasswordNihilism.
Password nihilism is understanding that sites have shit complexity requirements and shit password storage, and then not giving a shit because you recognize that none of it matters. Max 8 characters? Doesn’t matter, don’t care. Plaintext storage? Doesn’t matter, don’t care.
Why doesn’t it matter, and why should you not care? Because out of all the attributes a password can have (length, complexity, uniqueness, randomness, etc.), the only one that actually matters is uniqueness. And by “matters”, I mean “actually defends against threats in the overall threat model for password security.”
So, as long as you’re using a password manager to generate and store unique passwords for each site, you too can be a password nihilist!
If you’d like to learn more about password nihilism, check out:
This interview with @thorsheim:
https://www.youtube.com/watch?v=mJkGom-bngs
And this interview with @todb:
https://open.spotify.com/episode/62kyiCbX8vsx74n94dAT1C