Why long passwords? 

@TheGibson assume if they get the hash of the password. Doubt services serve you 10^10 logins.

Also then. which hash?

Kindah think maybe accounts that haven't been accessed for a while should be rehashed a few more times so it takes longer to crack them..

This tactic costs the same extra factor of extra effort for the attacker as the defender.. intuition says better is not possible, neither the server nor the attacker actually knows the password.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!