1. 9
  1.  

    1. 2

      Talking about general password usage, I would think that two factor authentication plus lockout period when could help to slow down these type of guessing attacks at least for online services. That makes me think if using a online password manager with those features would be more difficult to attack than a keepass database.

      Also I’m probably the last person to hear about zxcvbn for the first time :-)