As they outline here, there are ~9 quadrillion possible keys, needing around 5.5 million guesses to find an account. I think they hit a nice middleground between decent entropy and still having a number you can memorize (like a credit card).
Nowadays, not so much. In the previous decades before password managers, card vaulting, apple pay and so on: yes, if you were typing it in or writing it on forms frequently, it wasn’t uncommon to just memorize it.
My point though was that there is a limit to our ability to remember long and random alphanumeric strings, and I find credit card numbers to be that limit. UUIDs are longer and have a much bigger character set.
I never put my cc in any password manager, but I also mostly just use it for online payments where I don’t mind taking out the actual card to type the number in
To be fair, would it matter if someone got access to your account key? There isn’t really any data on your account is there (isn’t that the point)? It’d just let you connect to the VPN
They can use your secondary connection for free. It depends if that bothers you or not. If you’re already using both it could lead to disruption on your part I guess? Not 100% on that though
Great news! Mullvad is great even if their account security makes you do a double take
I am surprised that they don’t provide UUIDv4’s, feels like what they provide is somewhat guessable
https://mullvad.net/en/blog/2017/6/20/mullvads-account-numbers-get-longer-and-safer/
As they outline here, there are ~9 quadrillion possible keys, needing around 5.5 million guesses to find an account. I think they hit a nice middleground between decent entropy and still having a number you can memorize (like a credit card).
people memorize their credit card numbers?
Nowadays, not so much. In the previous decades before password managers, card vaulting, apple pay and so on: yes, if you were typing it in or writing it on forms frequently, it wasn’t uncommon to just memorize it.
My point though was that there is a limit to our ability to remember long and random alphanumeric strings, and I find credit card numbers to be that limit. UUIDs are longer and have a much bigger character set.
I never put my cc in any password manager, but I also mostly just use it for online payments where I don’t mind taking out the actual card to type the number in
To be fair, would it matter if someone got access to your account key? There isn’t really any data on your account is there (isn’t that the point)? It’d just let you connect to the VPN
They can use your secondary connection for free. It depends if that bothers you or not. If you’re already using both it could lead to disruption on your part I guess? Not 100% on that though