@TheGibson What I'd really like to see is, say, lifetime or century-crack length over time.
That is, for a given year, what is the shortest password that can withstand likely crack attempts for 100 years.
Or perhaps ranked against budget: cracking for $0.01/key, $0.10, $1, $10, $100, $1,000, $1,000,0000, $billion, etc.
The cracking-rate progress and budget aspects of this are seriously underappreciated. Hell, I don't know these.
@dredmorbius @thegibson I think Bitcoin has proven the economy for this is a hell of a lot cheaper than people think. (Which is why I think the estimates in the chart above are woefully naive, as they assume a single attacker and a one-pw-at-a-time attack.)
The amount of distributed compute power people are throwing around at cryptocoins for no budget but for imaginary profit is extraordinary. No human password survives ~100 days, much less 100 years, against cryptocurrency "mining".
@abbienormal One possibility is that digital infotech is fundamentally incompatible with strong and reliable identity determination and/or assertion.
Another is that some mix of identifiers, including passphrases, but also other factors: observed behaviour, third-party attestations, physical tokens (#NFCRing is one I'm partial to). Maaaaaybe biometrics, though I really don't like them. All of which require robust and efficient, though black-hat resistant, issuing and recovery procedures.
Eliminating needless (or harmful) authentication absolutely as well.
@max In meatspace there's a great deal of, for want of a better term, transient identity.
That might be token-based --- "take a number" at a deli or other service counter. It may be predicated simply by material presence in time and space --- standing in a queue, answering a door, visiting an office. Being "that guy at the gym" or "that girl at the club". Role-based identities --- museum docent, parks guide, bus driver.
For most of those involved, there's no reason to necessarily establish a longer continuity.
For transactional situations, distinguishing cash vs credit payment also makes a difference --- cash largely closes the book on a transaction, credit does not (absent returns and exchanges).
Online, these nuances are all but entirely lost.
On the internet, everyone knows you're a cat — and that's totally okay.