Password “strength” is understood by most folks to be determined by the variety of character types in a password. But while signup forms might think complexity is security, attackers disagree. Complexity no longer defends against a modern threat model. What makes strong passwords in 2019? We need to first examine the actual threat model faced by most folks. Password Complexity Misses the Point Password “strength” is often just a function of complexity, or the amount of randomness in a password, measured by the use of symbols, numbers, and upper… Read more