SpookyAwol
612 posts

Ultimate Geek


  #2042299 22-Jun-2018 10:46

I tend to use a composite key for passwords so that it works over multiple sites.
Generally the requirement is for Capitals, numeric and symbols.

So what I do, is have a master password - eg "ExtremelyHardPassword"
Then I would follow up with a unique identifier for the site / app based on its name - eg for NZ Herald, I might use "NZH"
Following that, I might use a master end string. eg "#14"
So my complete password would be "ExtremelyHardPasswordNZH#14"

For another site, such as Geekzone, it would be "ExtremelyHardPasswordGZ#14"

That way with multiple sites, I only need to concentrate on getting the unique identifier right.

Any real flaws with that concept?


jonathan18
7087 posts

Uber Geek

ID Verified
Trusted

  #2042312 22-Jun-2018 11:37

Rickles:

 

...BUT what happens if -

 

(a) someone steals my laptop and happens upon the 'master' password … do they then have rampant access to all my websites/accounts simply because the password manager then allows it?

 

 

Won't the outcomes of this also partly depend on whether one has 2FA enabled for the password manager app, and how this is set up?

 

I've got 2FA set up with LastPass, but have also set my laptop as a trusted device for 30 days, so if someone had both access to my laptop, my laptop password or passcode, and my master password then sure there's nothing I can do. I guess the option is still there not to set a device as trusted, so need to enter a 2FA code in each time. That would be a nightmare in terms of practicality, but more secure.

 

Given I think it's incredibly unlikely someone will have access to all three things (actual device, device password/code, password manager 'master password'), I'm not too worried... Whether anyone should have a device set up without password protection would be a good starting point!


Varkk
635 posts

Ultimate Geek


  #2042313 22-Jun-2018 11:38

SpookyAwol:

 

I tend to use a composite key for passwords so that it works over multiple sites.
Generally the requirement is for Capitals, numeric and symbols.

So what I do, is have a master password - eg "ExtremelyHardPassword"
Then I would follow up with a unique identifier for the site / app based on its name - eg for NZ Herald, I might use "NZH"
Following that, I might use a master end string. eg "#14"
So my complete password would be "ExtremelyHardPasswordNZH#14"

For another site, such as Geekzone, it would be "ExtremelyHardPasswordGZ#14"

That way with multiple sites, I only need to concentrate on getting the unique identifier right.

Any real flaws with that concept?

 

 

 

 

The flaw is when a site with poor password security gets popped and plain text passwords get leaked, then we can see what "ExtremelyHardPassword" is. Then someone can try "ExtremelyHardPasswordBANKNAME#14" on your bank account. It would be easy enough for someone to script that sort of pattern hunting and login attempts.

 

It might be acceptable for sites with no real repercussions e.g Herald comments etc but for all that effort you may as well use a real password manager.
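An added example, not part of any post in this thread: one way to audit your own list of passwords for the composite pattern discussed above, where entries share a long base and differ only in a short site tag. The sample vault is constructed from the example strings in the thread plus one made-up random password, and the thresholds `min_shared` and `max_unique` are illustrative assumptions.

```python
import os
from itertools import combinations

# Constructed sample: the two composite examples from the thread plus one
# random, unrelated password of the kind a password manager would generate.
SAMPLE_VAULT = {
    "NZ Herald": "ExtremelyHardPasswordNZH#14",
    "Geekzone": "ExtremelyHardPasswordGZ#14",
    "Bank (constructed)": "q7!Vd2zR#pLm9w",
}

def shared_affixes(a, b):
    """Return the (prefix, suffix) two passwords have in common, without overlap."""
    prefix = os.path.commonprefix([a, b])
    rest_a, rest_b = a[len(prefix):], b[len(prefix):]
    # Common suffix = common prefix of the reversed remainders.
    suffix = os.path.commonprefix([rest_a[::-1], rest_b[::-1]])[::-1]
    return prefix, suffix

def audit(vault, min_shared=8, max_unique=4):
    """Flag pairs of your own passwords that differ only in a short site part.

    vault maps site name -> password. A flagged pair means that a plaintext
    leak of one password exposes all but `unique` characters of the other.
    """
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(sorted(vault.items()), 2):
        prefix, suffix = shared_affixes(pw_a, pw_b)
        shared = len(prefix) + len(suffix)
        unique_a = pw_a[len(prefix):len(pw_a) - len(suffix)]
        unique_b = pw_b[len(prefix):len(pw_b) - len(suffix)]
        # Identical passwords are flagged too: everything shared, nothing unique.
        if shared >= min_shared and max(len(unique_a), len(unique_b)) <= max_unique:
            findings.append({
                "sites": (site_a, site_b),
                "shared": shared,
                "unique": (unique_a, unique_b),
            })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_VAULT):
        print(f"{f['sites'][0]} / {f['sites'][1]}: {f['shared']} characters shared, "
              f"site-specific parts {f['unique']}")
```

Run against the sample, only the Geekzone and NZ Herald entries are flagged; the random password shares nothing with them and passes.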




dt
1152 posts

Uber Geek
Inactive user


  #2042321 22-Jun-2018 11:58

Varkk:

 

SpookyAwol:

 


Any real flaws with that concept?

 

 

 

 

The flaw is when a site with poor password security gets popped and plain text passwords get leaked, then we can see what "ExtremelyHardPassword" is. Then someone can try "ExtremelyHardPasswordBANKNAME#14" on your bank account. It would be easy enough for someone to script that sort of pattern hunting and login attempts.

 

It might be acceptable for sites with no real repercussions e.g Herald comments etc but for all that effort you may as well use a real password manager.

 

 

 

 

Here's a really good video that explains what Varkk just mentioned and how easy it is with all these tools readily available online now.

 

https://www.youtube.com/watch?v=7U-RbOKanYs

 

I really like his vids, he makes them really easy to understand what he's talking about

