You can see the details of our calculations in [[!tails_ticket 19615]] and this [spreadsheet](https://cryptpad.disroot.org/sheet/#/2/sheet/view/KdOJLeuCsc4dS3vq-bHhFw6zByUSRJXsCcAkB-ERxtc/).
Using other password schemes give little guarantee over the strength of a password, even if it follows complicated password policies and validates on password strength meters.
For example, a [Dutch hacker logged into Donald Trump's Twitter account *twice*](https://www.washingtonpost.com/world/2020/12/17/dutch-trump-twitter-password-hack/)by guessing his passwords, despite that these passwords included several words, were more than 8 characters, and even had special characters. They were definitely not random enough: "*maga2020!*" and "*yourefired*".
To understand the maths behind password strength, watch [An information theoretic model of privacy and security metrics](https://media.libreplanet.org/u/libreplanet/m/an-information-theoretic-model-of-privacy-and-security-metrics/).Bill Budington from the EFF explains the concept of entropy and its implication on browser fingerprinting and password safety in accessible terms.
If you created your Persistent Storage with Tails 5.12 or earlier, we recommend you migrate your entire Tails to a different USB stick and destroy your old Tails USB stick (or at least [[securely delete the entire device|doc/encryption_and_privacy/secure_deletion#device]]).
If you don't, the previous LUKS1 data might still be written in some recovery data on the USB stick and could be recovered using advanced data forensics techniques.