Using my library called [Armour](https://ari.lt/gh/armour) and also Dropbox's [libzxcvbn](https://github.com/dropbox/zxcvbn), based on [CISA requirements for secure passwords](https://www.cisa.gov/secure-our-world/require-strong-passwords), I was able to derive the minimum secure password requirements that should be de facto for everyone to ensure the best possible security with as little as possible.

I first started getting familiar with CISA requirements and common password requirements; later, I manually iterated security parameters until I found the best possible scenario while keeping it short:

1. Minimum length: 18
2. Large alphabet combinations. At least `2^72` combinations is what I would say is very secure.
3. No sequences (abab) or common patterns (abcdef, 1234)
4. At least 4 bits of entropy by Shannon entropy
5. Total strength of the password should be at least 128.
6. The password should not have any weakness and have a total weakness of 0.
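
A sketch of how items 1 to 4 can be checked, as an added example that is not code from Armour or libzxcvbn. The alphabet-class sizes, the per-character reading of the entropy threshold, and the run length of 4 are assumptions; items 5 and 6 depend on Armour's own scoring, which this page does not define, so they are left out.

```python
import math
import re
from collections import Counter

MIN_LENGTH = 18         # item 1
MIN_SPACE_BITS = 72     # item 2: at least 2^72 combinations
MIN_SHANNON_BITS = 4.0  # item 4, assumed to be measured per character
RUN_LENGTH = 4          # assumption: 4+ consecutive code points is a pattern
# Assumption: alphabet size = sum of the ASCII classes the password draws from.
CLASSES = [(r"[a-z]", 26), (r"[A-Z]", 26), (r"[0-9]", 10), (r"[^a-zA-Z0-9]", 33)]


def search_space_bits(pw):
    """log2(alphabet ** length): the brute-force search space in bits."""
    pool = sum(size for pattern, size in CLASSES if re.search(pattern, pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def shannon_bits(pw):
    """Shannon entropy of the character distribution, in bits per character."""
    n = len(pw)
    return -sum(c / n * math.log2(c / n) for c in Counter(pw).values())


def has_repeated_block(pw):
    """True for a block of 2+ characters directly followed by itself (abab)."""
    return re.search(r"(.{2,})\1", pw, re.DOTALL) is not None


def has_run(pw, n=RUN_LENGTH):
    """True for n+ characters stepping by +1 or -1 (abcdef, 1234, 4321)."""
    for step in (1, -1):
        streak = 1
        for a, b in zip(pw, pw[1:]):
            streak = streak + 1 if ord(b) - ord(a) == step else 1
            if streak >= n:
                return True
    return False


def failed_requirements(pw):
    """Names of the requirements (items 1-4) that pw does not meet."""
    checks = [
        ("length", len(pw) >= MIN_LENGTH),
        ("search space", search_space_bits(pw) >= MIN_SPACE_BITS),
        ("sequence", not has_repeated_block(pw)),
        ("pattern", not has_run(pw)),
        ("entropy", shannon_bits(pw) >= MIN_SHANNON_BITS),
    ]
    return [name for name, ok in checks if not ok]
```

With these assumptions an 18-character password needs at least 17 distinct characters to reach 4 bits of Shannon entropy, so item 4 is the strictest of the four checks at the minimum length.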