this post was submitted on 27 Oct 2023
1299 points (98.0% liked)

Memes

45180 readers
1533 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
1299
Add-on: same password, same identity. (lemmy.world)
submitted 10 months ago by [email protected] to c/[email protected]
177 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 107 points 10 months ago (35 children)

The only good passwords are those you don't know yourself because they are randomly generated and all stored in your password manager of choice.

[–] [email protected] 15 points 10 months ago (6 children)

depends on the password manager....

also, the length of the password is WAY more important than it being randomly generated as long as it's not in a password dictionary somewhere. I use 20+ character passphrases that i can easily remember everywhere for instance

[–] [email protected] 9 points 10 months ago (5 children)

My strategy is to have a persistent short passphrase that's within every password I use, and pair it with a silly bastardization of the service I have an account for. So, for example, if my passphrase were hunter2 (lol) and I had an account on Netflix, my password for Netflix might be something like hunter2NutFlex. Because of this, I can manage my own passwords in basic text as "code NutFlex" because the "code" portion is encrypted in my own fucking brain. If Netflix gets hacked, somebody has a password that only works with Netflix, and they'd need my text file as a Rosetta Stone to acquire my other passwords. Not impossible, but who the fuck am I and why would anybody dig that deep to do that to me?

I'm no IT expert, so somebody tell me if this is a stupid and overly vulnerable strategy. I thought I was pretty brilliant for coming up with this and rolling it out several years ago.

[–] [email protected] 3 points 10 months ago* (last edited 10 months ago)

It's not the worst strategy (and is actually referred to as 'peppering' your password)... but if your primary use-case is websites and mobile apps, using a password manager like Bitwarden and randomly generated strong passwords is still a better strategy (and probably faster too, since you don't need to type it out manually anymore, and/or remember which flex you used when creating your 'peppered' password).

This is a good approach if you have to login to services that aren't via a web browser though - e.g. Remote desktops etc.

load more comments (4 replies)
load more comments (4 replies)
load more comments (32 replies)