SpookyAwol
517 posts

Ultimate Geek


  #2042299 22-Jun-2018 10:46

I tend to use a composite key for passwords so that it works over multiple sites.
Generally the requirement is for Capitals, numeric and symbols.

So what I do, is have a master password - eg "ExtremelyHardPassword"
Then I would follow up with a unique identifier for the site / app based on its name - eg for NZ Herald, I might use "NZH"
Following that, I might use a master end string. eg "#14"
So my complete password would be "ExtremelyHardPasswordNZH#14"

For another site, such as Geekzone, it would be "ExtremelyHardPasswordGZ#14"

That way with multiple sites, I only need to concentrate on getting the unique identifier right.

Any real flaws with that concept?


jonathan18
4822 posts

Uber Geek

Trusted
Subscriber

  #2042312 22-Jun-2018 11:37

Rickles:

 

...BUT what happens if -

 

(a) someone steals my laptop and happens upon the 'master' password … do they then have rampant access to all my websites/accounts simply because the password manager then allows it?

 

 

Won't the outcomes of this also partly depend on whether one has 2FA enabled for the password manager app, and how this is set up?

 

I've got 2FA set up with LastPass, but have also set my laptop as a trusted device for 30 days, so if someone had both access to my laptop, my laptop password or passcode, and my master password then sure there's nothing I can do. I guess the option is still there not to set a device as trusted, so need to enter a 2FA code in each time. That would be a nightmare in terms of practicality, but more secure.

 

Given I think it's incredibly unlikely someone will have access to all three things (actual device, device password/code, password manager 'master password'), I'm not too worried... Whether anyone should have a device set up without password protection would be a good starting point!


 
 
 
 


Varkk
458 posts

Ultimate Geek

Subscriber

  #2042313 22-Jun-2018 11:38

SpookyAwol:

 

I tend to use a composite key for passwords so that it works over multiple sites.
Generally the requirement is for Capitals, numeric and symbols.

So what I do, is have a master password - eg "ExtremelyHardPassword"
Then I would follow up with a unique identifier for the site / app based on its name - eg for NZ Herald, I might use "NZH"
Following that, I might use a master end string. eg "#14"
So my complete password would be "ExtremelyHardPasswordNZH#14"

For another site, such as Geekzone, it would be "ExtremelyHardPasswordGZ#14"

That way with multiple sites, I only need to concentrate on getting the unique identifier right.

Any real flaws with that concept?

 

 

 

 

The flaw is when a site with poor password security gets popped and plain text passwords get leaked, then we can see what "ExtremelyHardPassword" is. Then someone can try "ExtremelyHardPasswordBANKNAME#14" on your bank account. It would be easy enough for someone to script that sort of pattern hunting and login attempts.

It might be acceptable for sites with no real repercussions, e.g. Herald comments etc., but for all that effort you may as well use a real password manager.
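An added example, not part of any post in this thread: a self-audit over your own password list that measures how much of each password is actually unique per site under the composite scheme discussed above. The function names and the random sample passwords are constructed for illustration; the two composite passwords are the examples quoted in the thread.

```python
import os

def shared_affixes(passwords):
    """Longest prefix and suffix common to every password, never overlapping."""
    prefix = os.path.commonprefix(passwords)
    rev = os.path.commonprefix([p[::-1] for p in passwords])
    room = min(len(p) for p in passwords) - len(prefix)
    return prefix, rev[:room][::-1]

def is_abbreviation(token, site_name):
    """True if the token's characters appear, in order, inside the site name."""
    remaining = iter(site_name.lower())
    return bool(token) and all(ch in remaining for ch in token.lower())

def audit(vault):
    """vault maps site name -> password; report what is unique to each site."""
    prefix, suffix = shared_affixes(list(vault.values()))
    report = {}
    for site, pwd in vault.items():
        unique = pwd[len(prefix):len(pwd) - len(suffix)]
        report[site] = {
            "unique_part": unique,
            "unique_fraction": round(len(unique) / len(pwd), 2),
            "guessable_from_site_name": is_abbreviation(unique, site),
        }
    return prefix, suffix, report

def structural_reuse(vault, max_shared=0.5):
    """Flag a vault where most of every password is shared with the others."""
    _, _, report = audit(vault)
    return len(vault) > 1 and all(
        r["unique_fraction"] < 1 - max_shared for r in report.values())

# The two example passwords from the thread.
COMPOSITE = {"NZ Herald": "ExtremelyHardPasswordNZH#14",
             "Geekzone": "ExtremelyHardPasswordGZ#14"}
# Constructed sample: independent random passwords, as a manager would generate.
RANDOM = {"NZ Herald": "k9$Tq!vR2mXw", "Geekzone": "Zp4#uLe7@Nby"}

if __name__ == "__main__":
    for name, vault in (("composite", COMPOSITE), ("random", RANDOM)):
        prefix, suffix, report = audit(vault)
        print(name, "shared:", repr(prefix), repr(suffix),
              "reuse:", structural_reuse(vault))
        for site, row in report.items():
            print("  ", site, row)
```

For the composite vault, only 2 or 3 characters per password differ between sites, and those characters follow from the site name, so one plaintext leak exposes everything else the scheme relies on.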


dt
726 posts

Ultimate Geek


  #2042321 22-Jun-2018 11:58

Varkk:

 

SpookyAwol:

 


Any real flaws with that concept?

 

 

 

 

The flaw is when a site with poor password security gets popped and plain text passwords get leaked, then we can see what "ExtremelyHardPassword" is. Then someone can try "ExtremelyHardPasswordBANKNAME#14" on your bank account. It would be easy enough for someone to script that sort of pattern hunting and login attempts.

It might be acceptable for sites with no real repercussions, e.g. Herald comments etc., but for all that effort you may as well use a real password manager.

 

 

 

 

Here's a really good video that explains what Varkk just mentioned and how easy it is with all these tools readily available online now.

 

https://www.youtube.com/watch?v=7U-RbOKanYs

 

I really like his vids, he makes them really easy to understand what he's talking about.

