As they outline here, there are ~9 quadrillion possible keys, needing around 5.5 million guesses to find an account. I think they hit a nice middleground between decent entropy and still having a number you can memorize (like a credit card).
people memorize their credit card numbers?
Nowadays, not so much. In the previous decades before password managers, card vaulting, apple pay and so on: yes, if you were typing it in or writing it on forms frequently, it wasn't uncommon to just memorize it.
My point though was that there is a limit to our ability to remember long and random alphanumeric strings, and I find credit card numbers to be that limit. UUIDs are longer and have a much bigger character set.
I never put my cc in any password manager, but I also mostly just use it for online payments where I don't mind taking out the actual card to type the number in
I am surprised that they don’t provide UUIDv4’s, feels like what they provide is somewhat guessable
https://mullvad.net/en/blog/2017/6/20/mullvads-account-numbers-get-longer-and-safer/
As they outline here, there are ~9 quadrillion possible keys, needing around 5.5 million guesses to find an account. I think they hit a nice middleground between decent entropy and still having a number you can memorize (like a credit card).
people memorize their credit card numbers?
Nowadays, not so much. In the previous decades before password managers, card vaulting, apple pay and so on: yes, if you were typing it in or writing it on forms frequently, it wasn't uncommon to just memorize it.
My point though was that there is a limit to our ability to remember long and random alphanumeric strings, and I find credit card numbers to be that limit. UUIDs are longer and have a much bigger character set.
I never put my cc in any password manager, but I also mostly just use it for online payments where I don't mind taking out the actual card to type the number in