I'm not. If you use a unique password for every service, entropy doesn't matter ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		coldpie on Oct 18, 2024 \| parent \| context \| favorite \| on: Apple Passwords’ generated strong password format I'm not. If you use a unique password for every service, entropy doesn't matter beyond a low threshold, because guessing passwords against a live service is not an attack people are actually doing. The "1235" is an extreme example, I wouldn't bet my bank account on it, but I still think the point stands.

ziddoap on Oct 18, 2024 | [–]

>guessing passwords against a live service is not an attack people are actually doing

Credential stuffing is an attack people are actually doing.

Terretta on Oct 18, 2024 | [–]

> * guessing passwords against a live service is not an attack people are actually doing*

flat wrong ... if one thinks this, one likely isn't operating a high value target

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact