12 characters is better than the minimum, but dictionary words make it attackable, especially if anyone observes you logging in.
I don't know my password.
I use LastPass and the first half of my LastPass password is 27 characters, and the last half of the password is a a further 32 characters stored on a YubiKey.
I truly do not know the password that accesses all my passwords. I need both the gibberish in my head and the YubiKey to access anything.
It's all useless though. Super strong passwords only protect logins, and nearly every system in the world has an "ImpersonateUser" function, and those that don't are all subject to social engineering attacks.
I don't know my password.
I use LastPass and the first half of my LastPass password is 27 characters, and the last half of the password is a a further 32 characters stored on a YubiKey.
I truly do not know the password that accesses all my passwords. I need both the gibberish in my head and the YubiKey to access anything.
It's all useless though. Super strong passwords only protect logins, and nearly every system in the world has an "ImpersonateUser" function, and those that don't are all subject to social engineering attacks.