You are correct. I should have phrased it better. Of course logging 2 or 200 words is probably not that different. I’m referring to what has now been well established as the standard for security - 2 factor authentication and 3rd party authentication. And sorry for being snarky earlier. I’ll behave.
: )
1 Like
@seneca you’re right. But now at least one of them has changed his tune…
It’s not a matter of phrasing. Here’s what you said:
A twelve word pass phrase IS DEFINITELY NOT safe enough for storing a lot of value - or ANY value for that matter.
Great idea! So now even 10 word pass phrases are enough, I presume? We’re making progress!
But I have a question for you: can you tell me how would 2FA work with a Web wallet that does not know anything about the user except their wallet’s public key?
Edit: changed 19 to 10 (typo)
With all due respect, you seem to want to argue instead of stick to the point. 2 factor auth is very important in many situations but not required in some. I initially criticized you because you criticized a poster who said that a 12 word passphrase was not enough safety.
So the original conversation was about that.
And I will repeat that I agree - in many instances - especially for inexperienced users who know little about this, while a 12 word passphrase seems like perfect and impenetrable security, it is not. I was simply pointing out that a key logger can find a 12 word passphrase and rob a wallet.
At this point I might suggest that we call it quits with this correspondence.
I was warned for being snarky with you, but now that I look back, you were a bit rude to the person who suggested that 12 word pass phrases weren’t sufficient. I wonder if you have been also warned for rudeness.
Good day old sport.
Well, the 12-word pass phrase and 2FA was actually mentioned in the original post as a completely wrong, FUD statement:
Since the poster has made similar factually wrong comments and proposals and refused to retracted or substantiate them, I merely pointed at that pattern of behavior without being insulting.
Since the two resident wallet experts are not interested in continuing this exciting exchange of hard facts, I’ll recap from my side:
- Twelve word pass phrase (selected from the 1600+ word list from which it is used) is more secure from brute force attack than a password made of 20 random characters
- 2FA cannot be used if the identity of the user is unknown (duh!)
1 Like