this post was submitted on 09 Jul 2023
10 points (100.0% liked)

/c/cybersecurity - Cybersecurity News & Discussion

A community for technical news and discussion of cybersecurity and closely related topics.

Ever since the LastPass breach (thankfully moved to Bitwarden and recycled passwords prior) I've had a heightened awareness of the potential for vulnerabilities beyond my pay grade leading to online catastrophe for me. I use Bitwarden to generate a random password for all sites.

If it's something which could truly cause a headache such as my email or banking however, I'll usually append the domain name, or a word, or a symbol to the password such that after my phone or PC's Bitwarden autofill enters the saved password I also need to enter whichever word or symbol for the site. Feels like this gives me some defense if people smarter than me made a mistake, but I guess I have questions for folks who know about hashing/blackmagic/thecyber.

  • Would this have any benefit, if one were to put "google" at the end of their Google password, as far as protecting from a password manager exploit?
  • No, I don't actually put google or reddit at the end of my password; oops not a question
  • Is that already something baddies would know to try? Or did I just play myself by posting this on the internet?
[–] CAPSLOCKFTW@lemmy.ml 2 points 1 year ago

"baddies" usually prefer easy targets. So unless you are high profile you will be fine IMO.

If you're high profile you should have weekly changing, random, 16+ chars long passphrases that are not stored digitally. At least for the important stuff.