Marcin Juszkiewicz wrote:
9 characters password in 2022 is considered 'easy breakable'
thanks to
power of GPUs.
To "break" the password offline with a GPU, you need a hashed password to
begin with. If I log in securely over HTTPS and if the server is not
compromised (and neither is my computer), you do not get my password,
neither hashed nor unhashed. So then you need to actually brute-force the
password by logging in to the server, the GPU will not help you a bit, and
you will likely get blacklisted pretty quickly. So I see this as an absolute
non-issue.
Maybe start using some password manager to generate and store long
enough passwords?
Well, yes, I store the password in KWallet, so it was not a major
inconvenience to have to generate and store a new one. It was just an
entirely unnecessary inconvenience.
Kevin Kofler