William Allen Simpson wrote:
This replacement password is much more easily guessed. The account could have been stolen within minutes or hours.
Is this true? (Yes, I know that a fast machine can try zillions of passwords per hour in theory, but for a reasonably designed system, certainly not in practice.)
Please update the password generator to use at least 17 characters,
That seems like far too many.