Depends on what you're protecting. Try not to lose sight of the idea that securi... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		AnIdiotOnTheNet on Feb 12, 2018 \| parent \| context \| favorite \| on: Let’s talk about usernames Depends on what you're protecting. Try not to lose sight of the idea that security doesn't exist in a vacuum.

Natanael_L on Feb 12, 2018 [–]

Xkcd's classical correct course battery staple is about 40 bits is entropy, while being selected uniformly at random from a fairly large pool of words.

I can assure you that the average user wouldn't get above 15 - 20 bits with self selected words. That's often worse than most current passwords.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact