Choosing threshold for a good password

keepassxreboot / keepassxc

KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.

https://keepassxc.org/

Other

21.1k stars 1.46k forks source link

Choosing threshold for a good password #7723

Open IpsmLorem opened 2 years ago

IpsmLorem commented 2 years ago

Since we have got now a visual indicator of googdness for password entropy, is there a way to choose the threshold ? For exemple green > 100 bits and so on ?

droidmonkey commented 2 years ago

We don't have the option to change the thresholds. Honestly that really wouldn't be a good idea since most people dont understand what entropy stands for. We offer thresholds based off of average cracking time and other metrics. These were picked a while ago and we may need to adjust them @phoerious

phoerious commented 2 years ago

I guess we could increase the "good" threshold a bit. At the moment, a full ASCII password is "good" at around 12 characters, which should be sufficient in most cases, but there is no reason not to go up to "excellent" or beyond with a password manager.