<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Blog · password.es</title><description>Articles about passwords, security, and why almost everything we were taught was wrong.</description><link>https://password.es/</link><language>en</language><item><title>What a password is, and why we&apos;ve had it wrong for sixty years</title><link>https://password.es/en/blog/what-is-a-password/</link><guid isPermaLink="true">https://password.es/en/blog/what-is-a-password/</guid><description>The computer password was born in 1961 and the first breach came a year later. Almost everything we were taught about passwords came from a 2003 guess its own author regrets.</description><pubDate>Fri, 17 Jul 2026 00:00:00 GMT</pubDate><source url="https://password.es/en/blog/rss.xml">password.es</source></item><item><title>Why password.es never sends your password anywhere</title><link>https://password.es/en/blog/why-password-es-never-sends-your-password/</link><guid isPermaLink="true">https://password.es/en/blog/why-password-es-never-sends-your-password/</guid><description>A site that asks for your password in order to check it has a trust problem no promise can fix. Our answer isn&apos;t a better promise: it&apos;s not needing the password at all, and letting you verify that yourself in thirty seconds.</description><pubDate>Wed, 15 Jul 2026 00:00:00 GMT</pubDate><source url="https://password.es/en/blog/rss.xml">password.es</source></item><item><title>Your password manager vs your memory: the one rule that survived</title><link>https://password.es/en/blog/your-password-manager-vs-your-memory/</link><guid isPermaLink="true">https://password.es/en/blog/your-password-manager-vs-your-memory/</guid><description>Of every password rule we were taught, only one is still standing: a different one on every site. It is also the only one nobody follows, because with memory alone it is literally impossible.</description><pubDate>Thu, 02 Jul 2026 00:00:00 GMT</pubDate><source url="https://password.es/en/blog/rss.xml">password.es</source></item><item><title>Passkeys: the password that doesn&apos;t exist</title><link>https://password.es/en/blog/passkeys-the-password-that-doesnt-exist/</link><guid isPermaLink="true">https://password.es/en/blog/passkeys-the-password-that-doesnt-exist/</guid><description>If the trouble with passwords is that there&apos;s a shared secret someone else keeps on your behalf, the fix is to get rid of the shared secret. That&apos;s what passkeys are — here&apos;s what they fix and what they don&apos;t.</description><pubDate>Thu, 18 Jun 2026 00:00:00 GMT</pubDate><source url="https://password.es/en/blog/rss.xml">password.es</source></item><item><title>Security questions are a password you never chose</title><link>https://password.es/en/blog/security-questions/</link><guid isPermaLink="true">https://password.es/en/blog/security-questions/</guid><description>Your mother&apos;s maiden name isn&apos;t a secret, it&apos;s a public record. Google analysed hundreds of millions of secret answers and concluded they don&apos;t work on their own.</description><pubDate>Thu, 28 May 2026 00:00:00 GMT</pubDate><source url="https://password.es/en/blog/rss.xml">password.es</source></item><item><title>2FA: why SMS is the worst of the good options</title><link>https://password.es/en/blog/2fa-sms-the-worst-of-the-good-options/</link><guid isPermaLink="true">https://password.es/en/blog/2fa-sms-the-worst-of-the-good-options/</guid><description>A second factor over SMS is far better than no second factor at all and, at the same time, the weakest one there is. The reason isn&apos;t cryptographic: it&apos;s that somebody at your carrier picks up the phone.</description><pubDate>Thu, 07 May 2026 00:00:00 GMT</pubDate><source url="https://password.es/en/blog/rss.xml">password.es</source></item><item><title>What really happens when your password leaks</title><link>https://password.es/en/blog/what-really-happens-when-your-password-leaks/</link><guid isPermaLink="true">https://password.es/en/blog/what-really-happens-when-your-password-leaks/</guid><description>A breach doesn&apos;t end the day it hits the news — that&apos;s where it starts. It gets cracked, cross-referenced with other lists and resold, and all of it works for one reason: we reuse.</description><pubDate>Thu, 16 Apr 2026 00:00:00 GMT</pubDate><source url="https://password.es/en/blog/rss.xml">password.es</source></item><item><title>Hash, salt, bcrypt and Argon2: what a well-built site does with your password</title><link>https://password.es/en/blog/hash-salt-bcrypt-argon2/</link><guid isPermaLink="true">https://password.es/en/blog/hash-salt-bcrypt-argon2/</guid><description>A well-built site doesn&apos;t know your password: it keeps a fingerprint. And the function that computes that fingerprint has to be slow on purpose, because it&apos;s the one defence where attacker and defender run exactly the same race.</description><pubDate>Thu, 26 Mar 2026 00:00:00 GMT</pubDate><source url="https://password.es/en/blog/rss.xml">password.es</source></item><item><title>How long your password really takes to crack</title><link>https://password.es/en/blog/how-long-does-your-password-really-take-to-crack/</link><guid isPermaLink="true">https://password.es/en/blog/how-long-does-your-password-really-take-to-crack/</guid><description>How long a password holds out isn&apos;t decided by the password: it&apos;s decided by the hash the site stored it with. And nobody mentions that when you sign up.</description><pubDate>Wed, 04 Mar 2026 00:00:00 GMT</pubDate><source url="https://password.es/en/blog/rss.xml">password.es</source></item><item><title>Diceware: how five dice pick a better password than you do</title><link>https://password.es/en/blog/diceware-dice-pick-better-passwords-than-you/</link><guid isPermaLink="true">https://password.es/en/blog/diceware-dice-pick-better-passwords-than-you/</guid><description>In 1995 Arnold Reinhold solved the problem of human randomness with five dice and a list of 7,776 words. Every roll is worth 12.9 bits, and they&apos;re 12.9 real ones.</description><pubDate>Thu, 12 Feb 2026 00:00:00 GMT</pubDate><source url="https://password.es/en/blog/rss.xml">password.es</source></item><item><title>What entropy bits are, and why we won&apos;t give you a percentage</title><link>https://password.es/en/blog/what-are-entropy-bits/</link><guid isPermaLink="true">https://password.es/en/blog/what-are-entropy-bits/</guid><description>A strength percentage means nothing. A bit does: every bit doubles the number of guesses someone needs to crack your password. How to read the number the generator shows you, without a single frightening equation.</description><pubDate>Thu, 22 Jan 2026 00:00:00 GMT</pubDate><source url="https://password.es/en/blog/rss.xml">password.es</source></item></channel></rss>