@TheGibson What I'd really like to see is, say, lifetime or century-crack length over time.
That is, for a given year, what is the shortest password that can withstand likely crack attempts for 100 years?
Or perhaps ranked against budget: cracking for $0.01/key, $0.10, $1, $10, $100, $1,000, $1,000,0000, $billion, etc.
The cracking-rate progress and budget aspects of this are seriously underappreciated. Hell, I don't know these.
@dredmorbius @thegibson I think Bitcoin has proven the economy for this is a hell of a lot cheaper than people think. (Which is why I think the estimates in the chart above are woefully naive, as they assume a single attacker and a one-pw-at-a-time attack.)
The amount of distributed compute power people are throwing around at cryptocoins for no budget but for imaginary profit is extraordinary. No human password survives ~100 days, much less 100 years, against cryptocurrency "mining".
2FA is a good start and a useful stopgap, but I worry it isn't enough because today's 2FA doesn't scale "socially" well; it's all too easily socially engineered because humans are bad at all "factors". We almost need a ground-up rethink, says the pessimism in me.