I hedge everything I say with the phrase “properly-implemented.” That means no root CAs with 10+ year expiry, no intermediate CAs with greater than 2 year expiry, no encryption hashes under 1024-bit, symmetric key generation, 45 day password change requirements with >12-character, symalphanumeric (symbols, letters, and numbers) with no repeatability, mandatory two-factor authentication (what I have and what I know), and no local key generation (all keys generated on a non-Internet-connected machine).
I’m not saying that they can’t crack it all, ever, but the amount of effort required to read my personal documents, emails, browser history, and secure transactional databases is such that they will need a really good lead to think I’m even remotely worth the effort.
Essentially, I’m hedging against someone planting incriminating data on any of my devices in the event someone or entity wants to take me down. I’m prepared to die with my complex passwords.
“Complex passwords,” huh? Well, how’s this one?
|F.I.shOOtUinTheBuTTwithA12gaSlugthatmaykz.U.UhDuBBl€@zzHOl€!