Interesting post about how very small a part "password complexity" plays in in defending people against account compromise in the real world... https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Your-Pa-word-doesn-t-matter/ba-p/731984
It occurs to me that when I make my Apple ID password complex, the implied threat model I'm defending against, is somebody compromising Apple completely, and yet the thing they choose to do with their access in that apocalyptic scenario is find Apple's DB of hashed passwords and go at it brute force in order to compromise individual users' accounts. But don't worry, I'm safe, it will take them too long to brute force my account! Ha ha!
A Mastodon instance for tabletop gamers.