Given how common it is for people to use the ‘reset password’ link for this exact purpose, it does make it seem kinda redundant to even implement passwords on many services to begin with.

Very similar heuristic here, insofar as when to use passphrases and how long.

LUKS and Bitlocker volumes get 8 words, computer logins usually get 4 words (potentially more depending on frequency/criticality of system).

Smartcards and mobile devices do have numeric pins due to frequency of use and relative difficulty in copying those for offline attacks.

Websites that are filled in w/ password manager get passwords get the random symbol-laden strings that ‘meet requirements’

https://lemmy.world/post/10802805

Is there a non-video source for this information?

Something something “Looking Glass”

I am currently using a double proxy: HAProxy handling SSL termination and the outward facing ports on one host, pointed at NGINX from the docker-compose file with the SSL termination stuff removed running on another host.

Websockets can be/are a pain, so it may be that imo.