*signs up for Skillshare*
> Sorry, your password is longer than our database's glory hole can handle.
> Please shorten your password cumload to only 64 characters at most, otherwise our database will be unhappy.

Motherf-...

Well, I've got a separate email address from my domain and a unique password for them. So shortening it and risking getting that account stolen by plaintext shit won't really matter, especially since I'm not adding payment details or anything.

*continues through the sign-up process for premium courses, with "no attachments, cancel anytime"*
> You need to provide a credit card to continue with our "free" premium trial.

Yeah fuck you too. I don't even have a credit card. It's quite uncommon in Europe, you know? We don't have magstripe shit that can go below 0 on ya.. well the former we still do but only for compatibility reasons. We mainly use chip technology (which leverages asymmetric cryptography, awesome!) that usually can't go much below 0 here nowadays. Debit cards, not credit cards.

Well, guess it's time to delete that account as well. So much for acquiring fucking knowledge from "experts". Guess I'll have to stick to reading wikis and doing my ducking-fu to select reliable sources, test them and acquire skills of my own. That's how I've done it for years, and that's how it's been working pretty fucking well for me. Unlike this deceptive security clusterfuck!

How long password do you need though?

@BigBoo Anything goes with my password manager (GNU Pass). Long passwords often reveal this server-side shit, though it sometimes gives false positives with bcrypt front-end limitations as well. Usually that's 72 char limit, but it depends between implementations. Essentially bcrypt truncates after a certain amount of chars so you don't want to send more than that to the servers, which is reasonable. But 64 is in this grey zone of "is it a red flag, or isn't it?".. So especially when I have to enter sensitive data that isn't unique to that website, I bail out just to be on the safe side.

As for why I use such long passwords.. not because security. On the hash cracking side, even the most powerful GPU's can only hash 13-14 char random passwords in a reasonable amount of time. Emphasis being on random.. dictionary attacks are always used first. Then comes social engineering, and last comes bruteforce. So in terms of password security, my default 256 chars are way overkill and in case of bcrypt don't even add anything above whatever its implementation chose as a limit.

But to my defense, it helps me identify the sites that I may not want to register on. My own password security is one thing - and it's definitely overkill - but the server side security is just as important. Perhaps even more so since that's something that I don't control. The security of the services that I sign up to all depends on the competence of whoever runs that thing.. which more than once I've come to question.

As to answer your question: 13-14 random characters - preferably generated by a password manager - should suffice.. for now. I'd choose at least 16 for the next year or so just to be safe.

Why don't you just put in a debit card >.>?

At this point they are almost analogous

@D--M can you really do that?

@D--M Debit cards don't have a CVV, and their IBAN (sort of ID I guess?) length doesn't match with that of Visa or whatever, at least not here in Belgium. So using the debit card for credit card purchases is often impossible.

@Condor same here in Portugal.

Here in the UK you can use debit and credit cards interchangeably, for virtually all brands and number sequences. That's what you come to expect when you live in the home of online banksters, fraudsters and people that crash the world economy for a living. Nothing can get in the way of debt and cards are a gateway to even more debt.

I hate skillshare, i deleted it right now from my cel...

I’m fairly sure in most of the globe when it asks for a credit card you can use either a credit or debit card. Credit card is just the name that has taken off and most people use to call any card...

@Jacobgc well, I can't use my debit card as a credit card.

@shellbug @Condor
I guess they do things a bit backwards over there.

Where I'm from, they are literally the same thing. The track data is almost identical.. Just one won't let you "borrow".

@D--M so.. Belgium is backwards for clearly separating debit cards from credit cards, and not encouraging the use of the latter.. because, well.. risk of debts. There's loans for buying stuff that would otherwise get you below 0. And the websites are very progressive for not accepting something like.. I dunno, maybe bank transfers. Got it.

@Condor
Exactly, now your getting it backwards boy!

:D

@Condor the reduction from 72 chars to 64 chars is probably for salt (just a guess). And if you’re running up against this limit, you’re really going over the top my dude!!