Not a true greentext but I hope I have captured the spirit of it. (First time I wrote smth like this, don’t be harsh on me. >w<)

        • RecluseRamble@lemmy.dbzer0.com
          6 months ago

          That’s just recommended to emphasize length. If your password is as long as a passphrase it’s likely more secure (harder to remember though).

          • Zachariah@lemmy.world
            6 months ago

            But if the point is to remember it, then you should use the security from the length of a series of 5+ random words. It’s easier to remember, write down, and type. All great characteristics of a master passphrase.

            • RecluseRamble@lemmy.dbzer0.com
              6 months ago

              I don’t disagree, sorry if it sounded like I did.

              There’s just a theoretical weakness since the base word lists are usually public knowledge and bruteforcers could (and probably already have) optimize for that.

              The advantages of a passphrase outweigh that, though, as you mentioned. An attacker would first need your repo anyway.

                • Որբունի@jlai.lu
                  6 months ago

                  Separating some of the words with random symbols also isn’t too hard to remember and no chance that can be bruteforced.
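An entropy estimate for the schemes discussed in this sub-thread, added here as an example and not posted by any commenter. It assumes the attacker knows the word list, the symbol set and the scheme, and that every choice is uniformly random; `DEMO_WORDS`, `SYMBOLS` and the function names are constructed for illustration.

```python
import math
import secrets

# Constructed 16-word list for the demo. Real lists are public and much
# larger (the EFF long list has 7776 words).
DEMO_WORDS = ["amber", "bison", "cedar", "delta", "ember", "flint", "grove",
              "heron", "ivory", "jolly", "kayak", "lemon", "maple", "nylon",
              "otter", "piano"]
SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set, 13 characters


def generate(wordlist, n_words=5, n_symbols=0, symbols=SYMBOLS):
    """Random words; random symbols in randomly chosen gaps, spaces elsewhere."""
    rng = secrets.SystemRandom()
    words = [secrets.choice(wordlist) for _ in range(n_words)]
    gaps = set(rng.sample(range(n_words - 1), n_symbols))
    out = words[0]
    for i, word in enumerate(words[1:]):
        out += (secrets.choice(symbols) if i in gaps else " ") + word
    return out


def entropy_bits(list_size, n_words=5, n_symbols=0, symbol_count=len(SYMBOLS)):
    """Bits of entropy when list, symbol set and scheme are all known."""
    word_bits = n_words * math.log2(list_size)
    # Which gaps carry a symbol, and which symbol sits in each of them.
    gap_bits = math.log2(math.comb(n_words - 1, n_symbols))
    symbol_bits = n_symbols * math.log2(symbol_count)
    return word_bits + gap_bits + symbol_bits


def random_chars_bits(length, alphabet_size=95):
    """Entropy of a uniformly random printable-ASCII password of this length."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate(DEMO_WORDS, 5, 2))
    print(f"5 words from a 7776-word list: {entropy_bits(7776):.1f} bits")
    print(f"same, 2 random symbol gaps:    {entropy_bits(7776, 5, 2):.1f} bits")
    print(f"29 random printable chars:     {random_chars_bits(29):.1f} bits")
```

The word count and list size carry most of the entropy even with the list public; two symbol separators add roughly ten bits under these assumptions.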

      • XTL@sopuli.xyz
        6 months ago

        Also, you don’t need to write it down correctly, if you remember what’s the missing or different or fake bit. And you can write down a few decoy ones next to it. Or have it in two different places. Lots of room for obfuscation along with some good old fashioned physical security on where you store the note. And the backup note off-site, if you’re that kind of person.

        Hell, just make some extra decoy ones just for fun and practice.

    • BubbleMonkey@slrpnk.net
      6 months ago

      My strategy for this is to have a second password manager available on a couple old devices, accessed with biometrics (fingerprint in this case), and only the master password saved within it.

      I considered saving it within the main manager itself, since I have devices where I can use biometrics rather than password, but that feels like a bad idea.

      Has definitely been a life saver

    • JackbyDev
      6 months ago

      Print out your recovery kit or master password and put it with your other documents (like birth certificate).