research-school-2024/writeups/password-research.md
Ari Archer a339ae2649
Fix a typo in the pw.png filename.
Signed-off-by: Ari Archer <ari@ari.lt>
2024-12-05 00:52:09 +02:00


Using my library called Armour together with Dropbox's libzxcvbn, and taking the CISA requirements for secure passwords as the baseline, I derived a minimum set of password requirements that should be the de facto standard for everyone: the best possible security from the shortest possible password.

I first familiarized myself with the CISA requirements and with common password requirements; then I manually iterated over the security parameters until I found the best possible combination while keeping the password short:

  1. Minimum length: 18.
  2. A large search space: at least 2^72 possible combinations is what I would call very secure.
  3. No repeated sequences (abab) or common patterns (abcdef, 1234).
  4. At least 4 bits of Shannon entropy.
  5. A total strength score of at least 128.
  6. No weaknesses at all: a total weakness score of 0.
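The checker below is an added illustration of requirements 1 to 4 and is not code from Armour, libzxcvbn or this writeup. It assumes a 95-character printable-ASCII alphabet when estimating the search space, computes Shannon entropy per character over the password's own character frequencies, and treats a repeated block of four or more characters (abab, aaaa), a run of four consecutive letters or digits in either direction (abcd, 4321), or a four-key keyboard-row fragment (qwer) as the sequences and common patterns the list refers to. Armour's own strength and weakness scores (requirements 5 and 6) are library-specific and are not reproduced here.

```python
import math
from collections import Counter

# Thresholds taken from the requirement list above.
MIN_LENGTH = 18
MIN_COMBINATION_BITS = 72      # at least 2^72 combinations
MIN_SHANNON_BITS = 4.0         # per-character Shannon entropy
PATTERN_RUN = 4                # assumed minimum run length for a "pattern"

# Assumed keyboard rows for common-pattern detection (constructed for this example).
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def alphabet_size(pw: str) -> int:
    """Size of the character classes present: lower, upper, digit, other (33 printable symbols)."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(not c.isalnum() for c in pw):
        size += 33
    return size


def combination_bits(pw: str) -> float:
    """log2 of the brute-force search space: length * log2(alphabet size)."""
    size = alphabet_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def shannon_bits(pw: str) -> float:
    """Per-character Shannon entropy over the password's own symbol frequencies."""
    if not pw:
        return 0.0
    n = len(pw)
    return -sum((k / n) * math.log2(k / n) for k in Counter(pw).values())


def has_repeated_sequence(pw: str, max_unit: int = 4) -> bool:
    """True if some block of 1..max_unit chars repeats back-to-back for >= PATTERN_RUN chars (abab, aaaa)."""
    s = pw.lower()
    for unit in range(1, max_unit + 1):
        repeats = max(2, math.ceil(PATTERN_RUN / unit))
        span = unit * repeats
        for i in range(len(s) - span + 1):
            if s[i:i + span] == s[i:i + unit] * repeats:
                return True
    return False


def has_common_pattern(pw: str, run: int = PATTERN_RUN) -> bool:
    """True for ascending/descending runs (abcd, 4321) or keyboard-row fragments (qwer, rewq)."""
    s = pw.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        diffs = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if diffs in ({1}, {-1}):
            return True
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            frag = row[i:i + run]
            if frag in s or frag[::-1] in s:
                return True
    return False


def check_password(pw: str) -> dict:
    """Evaluate requirements 1-4 and report each result plus an overall verdict."""
    result = {
        "length_ok": len(pw) >= MIN_LENGTH,
        "combinations_ok": combination_bits(pw) >= MIN_COMBINATION_BITS,
        "has_sequence": has_repeated_sequence(pw),
        "has_pattern": has_common_pattern(pw),
        "entropy_ok": shannon_bits(pw) >= MIN_SHANNON_BITS,
    }
    result["passes"] = (
        result["length_ok"] and result["combinations_ok"] and result["entropy_ok"]
        and not result["has_sequence"] and not result["has_pattern"]
    )
    return result


if __name__ == "__main__":
    # Constructed sample passwords, not real credentials.
    for sample in ("Tq7#mR9!vLx2@wPz4&kN", "Password1234", "abababababababababab", "abcdefghijklmnopqrs"):
        print(sample, check_password(sample))
```

The four samples show why the list needs all of its items together: a string of 19 distinct letters in alphabetical order clears the length, search-space and entropy thresholds yet fails on the pattern check, and a 20-character "abab..." string clears length and search space but collapses to 1 bit of Shannon entropy and trips the sequence check.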

(Screenshot of the password generator.)