i know. longer the password, harder for a hacker to guess the password.
But,
if the hacker steal the password rather than to guess the password, then, longer the password, it's easier for the hacker to guess the _master_ password from the stolen password. because longer password means more infomation.
That's really more infomation, using Online version with master password = amaster, username = auser, passwordlength = 12, url = password.org, the generated password is:
EyNBL:}CcHjf
Now, with same setting but change password length to 15, the generated password is:
EyNBL:}CcHjfuQY
EyNBL:}CcHjf
and
EyNBL:}CcHjfuQY
, the former is a substring of the latter, so somehow infomation of latter contains infomation of former.
In sum, if i am right, a dilemma!
So question is what length is the most recommended or secure password length?