I know that the bits of entropy should be high when dealing with offline/local items, like desktop encryption or KeePass databases. I personally aim for 256+ bits of entropy for those items. But what should the ideal range be for online accounts?
I’d like to add that most online accounts should really be locked behind a randomized password that is held within your password manager, but I’m referring to specific instances in which you would want/need to memorize it.
In my situation, I use passphrases for important online accounts so that I can log in on a whim if I need to. There should be a point of diminishing returns for how long those passphrases should be, no? If any of you guys could help me understand this, I’d appreciate it.