> Now you may well be an exception (as am I) in that you use a password manager and generate random passwords in which case 20 characters is just fine.<p>This is in my opinion the most important takeaway.
If Troy Hunt generates random passwords, you should too.<p>I like to see it this way.
The only true password strength indicator goes like this.<p><i>Ask yourself:</i><p><i>"Did the creation of my password involve a good source of randomness?"</i><p><i>If the answer is "No", your password is bad.</i><p><i>If the answer is "Yes", it depends.</i>
I love articles by Troy Hunt. I upvote them, then read them. And they have always been worth the upvote.<p>Anyways, when are websites ever going to catch on....