#/

There are a lot of 3 word combinations, it would take a lot of time, and a lot of resources

oh definitely

password brute forcing is most effective against common passwords, and the people who use passwords around 8 characters are going to be passwords which are either personal to them or are common, like just using password123 or a company name or something similar, even with the same length but using a generated password instead, it gets harder to brute force, obviously using longer is gonna be a lot harder to brute force

passwords will eventually phase out when we get to the point where it makes any significant difference, anyone using anything less than 20 characters will have to change it more, but the switch to passkeys and hardware keys is going to happen fully eventually