this post was submitted on 27 Oct 2023
1302 points (98.0% liked)

Memes

45679 readers
910 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
[–] [email protected] 107 points 1 year ago (35 children)

The only good passwords are those you don't know yourself because they are randomly generated and all stored in your password manager of choice.

[–] [email protected] 15 points 1 year ago (6 children)

Depends on the password manager...

Also, the length of the password is WAY more important than it being randomly generated, as long as it's not in a password dictionary somewhere. I use 20+ character passphrases that I can easily remember everywhere, for instance.

[–] [email protected] 9 points 1 year ago (5 children)

My strategy is to have a persistent short passphrase that's within every password I use, and pair it with a silly bastardization of the service I have an account for. So, for example, if my passphrase were hunter2 (lol) and I had an account on Netflix, my password for Netflix might be something like hunter2NutFlex. Because of this, I can manage my own passwords in basic text as "code NutFlex" because the "code" portion is encrypted in my own fucking brain. If Netflix gets hacked, somebody has a password that only works with Netflix, and they'd need my text file as a Rosetta Stone to acquire my other passwords. Not impossible, but who the fuck am I and why would anybody dig that deep to do that to me?

I'm no IT expert, so somebody tell me if this is a stupid and overly vulnerable strategy. I thought I was pretty brilliant for coming up with this and rolling it out several years ago.

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

It's not the worst strategy (and is actually referred to as 'peppering' your password)... but if your primary use case is websites and mobile apps, using a password manager like Bitwarden and randomly generated strong passwords is still a better strategy (and probably faster too, since you don't need to type it out manually anymore, and/or remember which flex you used when creating your 'peppered' password).

This is a good approach if you have to log in to services that aren't via a web browser, though, e.g. remote desktops etc.
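To make the trade-off discussed in the two replies above concrete, here is an added Python example (not written by any commenter): it audits a constructed sample vault for the shared "code" that the peppering scheme relies on, reports how little of each password stays unknown once any one site leaks, and contrasts that with a manager-style random password. All site names and passwords are constructed placeholders.

```python
import math
import secrets
import string

# Constructed sample vault (hypothetical sites and passwords) following the
# "persistent short passphrase + mangled service name" scheme from the thread.
PEPPERED_VAULT = {
    "netflix": "hunter2NutFlex",
    "bank": "hunter2BankOfLol",
    "email": "hunter2GeeMail",
}

PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def shared_base(passwords):
    """Longest substring present in every password: the reused 'code' part."""
    shortest = min(passwords, key=len)
    for size in range(len(shortest), 0, -1):
        for start in range(len(shortest) - size + 1):
            candidate = shortest[start:start + size]
            if all(candidate in p for p in passwords):
                return candidate
    return ""

def entropy_bits(length, alphabet_size):
    """Upper bound on guess entropy for `length` symbols drawn uniformly."""
    return length * math.log2(alphabet_size)

def audit(vault):
    """Report the shared base and how many characters remain unknown per site
    once a single site's password has leaked (the base is then known)."""
    base = shared_base(list(vault.values()))
    residual = {site: len(pw) - len(base) for site, pw in vault.items()}
    return {"shared_base": base, "residual_chars": residual}

def generate_password(length=20):
    """Manager-style password: every symbol drawn with the CSPRNG `secrets`."""
    return "".join(secrets.choice(PRINTABLE) for _ in range(length))

if __name__ == "__main__":
    report = audit(PEPPERED_VAULT)
    print("shared base:", report["shared_base"])
    for site, n in report["residual_chars"].items():
        # Upper bound; a mangled site name is far more guessable than random text.
        print(f"  {site}: {n} chars unknown after a breach, <= {entropy_bits(n, 52):.0f} bits")
    print("random 20-char password:", generate_password(),
          f"~{entropy_bits(20, len(PRINTABLE)):.0f} bits")
```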
