 Tom here from Orange Systems and Bitwarden was only using 100,000 rounds of PBKDF2 by default. So that means they changed it, right? Yes. On January 24th, they changed it to 600,000 rounds on new accounts. But that leaves lots of people using Bitwarden asking, am I secure? Does this mean I wasn't secure for a long time? And what about the security researchers? And there's a lot of links to a lot of people having a lot of discussions about that or even the fact that the audit report that Bitwarden paid for by Cure53 to audit their code mentioned, they probably should be using more than 100,000 rounds. And this really comes down to, you know, to answer the question without going any further, whether or not your account is secure is a question of how good is your master password? I don't care if you have 100,000 rounds, 600,000 rounds, or keep running that number up. That is a linear scale for adding entropy. It is an exponential scale for adding entropy by having a good password. If your password is bad, then your likelihood of being secure is bad. I don't care how many iterations they add. So really, the confidence you should have is in how good is your master password. We'll talk a little bit more later in a video about good master passwords and a couple articles that I'll discuss. But I want to make sure people are clear. If you have a good master password, this change doesn't really affect you. Can you change the iterations on an existing account? Yes, you can go into your Bitwarden account. You can go over and click on the security and you can change that setting. So you can up them on an existing account. But it really comes down to that linear versus exponential scale. Having a good master password is really key here. And I want to break down this because this is this nuanced discussion where good cryptographers are having good discussion about key derivation function. 
But I don't think that the average person really knows what this is, or even some of the more technical people may not understand the reason we use these. And the point of these is to stretch a low entropy input into a higher entropy. And when you're building a product like Bitwarden, you're asking it to be used by not just technical people like myself, but kind of the average public or a lot of people who may not spend a lot of time thinking about cryptography. Well, you're going to get some low entropy in there for some of the passwords. This is a way to add a little bit of entropy. And I say a little bit because it's just a little bit more each time you add some iterations on there, but it's not a massive jump. The big jumps, though, the exponential amount of entropy that you're going to add really comes down to master password. And let's talk about a couple articles now, now that you know that you don't have to panic as long as you have a good master password. So let's talk about these articles and kind of give you a better explainer on this. I thought this was a great blog post by the folks over at 1Password. I'm not a 1Password user, but I don't see a reason for those of you that like the product not to continue using your product. And by the way, this blog post was from 2013. So the time to crack may have changed a little bit, but the concept is still the same. We have the password length of seven characters, nine characters, 11, 14 or 16. These represent completely random characters that would have been chosen for your master password. Hard to remember, but the concept is here of how a little bit of entropy is an exponential increase in the challenge of cracking that password. And if we start with seven, you look at nine days. I see probably even less today, but that's a pretty fast way to crack a password if your master password is that short. But we can add iterations to stretch the entropy. So maybe it's going to take 23 days or 41 days. 
And you know, that is a challenge and this goes from 10,000 all the way up to 450,000. So 41 days, you stretch that entropy just a little bit. But when you talk about going to 11 random characters, now you're talking 1.4 million plus years. That's a lot. Now it still scales. We can get 3 million years if we add 2,500, but we can get, you know, 450,000 rounds going and then we can get 6.7 million years. And this is my point of your master password being key to this. And it's kind of a nuanced argument. So yes, they should increase it. But for those of us who use really strong high entropy master passwords, they're just stretching a little further. It was already going to take you over 1.5 million years to crack my password. It's going to take, you know, 3 million years now that I've increased it from the 10,000 to the 25 to the, well, whatever I put it at that higher number. So there is an increase. There is a value in doing it. But if your master password is good, your system is secure. And while I'm over here on the 1Password blog, I would recommend reading this, the "Not in a million years", which I think is a great title, which is how long it would take to crack certain passwords. And essentially what they're talking about is the human versus machine conundrum we have here. This may look to some people like a really high entropy, incredibly difficult to guess password. And it might be for the average person, but for people who specialize in password cracking on the fact that so many passwords have leaked, and there's all these different abilities that people have to use things like rainbow tables, previously passwords, and just understanding how humans put patterns together. That's actually not that random: Fido eight my two socks. We can actually use the Bitwarden password strength checker to get an idea of how long that would take: three years. So okay, let's add a few more words this just the other day. 
And just by adding a little bit more, maybe some dashes, maybe some different things to your password manager, your master password change, you're going to dramatically increase the entropy way more than you would have just a few more iterations. That's really the point I was trying to make with all of this. Now I tried covering this topic as simply as possible, but I will leave links to the forum discussions such as the one over in Bitwarden, which has links to lots of different security researchers, links to the 1Password articles. Well, I always like to leave lots of links in the description because I encourage everyone to read and dive deeper into this topic. But keep it in mind that it is important that security researchers have debates about things like key iteration, but in a big picture, the most important is still going to be your master password. I don't want anyone to get lost or get caught up in some of the fear or confusion that may come out of it. But hey, it's a great discussion. It's fun to read all this stuff or at least I think so. Let me know your thoughts in the comments down below or head over to my forum for a more in-depth discussion. Thanks.
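
The linear-versus-exponential point made in the video, worked through in code. This is an added example, not part of the original transcript or Bitwarden's code; the function names are hypothetical, and it assumes PBKDF2 with HMAC-SHA256 and a master password drawn uniformly at random from 94 printable ASCII characters.

```python
import hashlib
import math
import time

ALPHABET = 94  # assumption: printable ASCII, each character chosen uniformly at random

def password_bits(length, alphabet=ALPHABET):
    """Entropy in bits of a uniformly random password of the given length."""
    return length * math.log2(alphabet)

def attack_bits(length, iterations):
    """log2 of the HMAC calls needed to try every password of that length."""
    return password_bits(length) + math.log2(iterations)

def iterations_to_match_chars(iterations, extra_chars, alphabet=ALPHABET):
    """Iteration count that costs an attacker as much as adding extra_chars."""
    return iterations * alphabet ** extra_chars

def time_one_derivation(iterations):
    """Seconds this machine needs for one PBKDF2-HMAC-SHA256 derivation."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"constructed-password", b"constructed-salt",
                        iterations, dklen=32)
    return time.perf_counter() - start

def summary():
    """Bits gained by the iteration bump versus one extra random character."""
    from_iterations = attack_bits(11, 600_000) - attack_bits(11, 100_000)
    from_one_char = attack_bits(12, 100_000) - attack_bits(11, 100_000)
    return from_iterations, from_one_char

if __name__ == "__main__":
    it_gain, char_gain = summary()
    print(f"100,000 -> 600,000 iterations: +{it_gain:.2f} bits (6x work)")
    print(f"11 -> 12 random characters:    +{char_gain:.2f} bits (94x work)")
    print("iterations matching one extra character:",
          f"{iterations_to_match_chars(100_000, 1):,}")
    for n in (100_000, 600_000):
        print(f"one unlock at {n:,} iterations: {time_one_derivation(n):.3f} s")
```

The timing lines show the other side of the trade-off: every extra iteration is also paid by the legitimate user on each unlock, which is why iteration counts cannot simply be raised until they match the gain from a longer password.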