Ever since the Lastpass breach (thankfully moved to Bitwarden and recycled passwords prior) I’ve had a heightened awareness of the potential for vulnerabilities beyond my paygrade leading to online catastrophe for me. I use Bitwarden to generate a random password for all sites.

If it’s something which could truly cause a headache such as my email or banking however, I’ll usually append the domain name, or a word, or a symbol to the password such that after my phone or PC’s Bitwarden autofill enters the saved password I also need to enter whichever word or symbol for the site. Feels like this gives me some defense if people smarter than me made a mistake, but I guess I have questions for folks who know about hashing/blackmagic/thecyber.

  • Would this have any benefit, if one were to put “google” at the end of their Google password, as far as protecting from a password manager exploit?
  • No, I don’t actually put google or reddit at the end of my password; oops not a question
  • Is that already something baddies would know to try? Or did I just play myself by posting this on the internet?
  • edent@lemmy.one
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    What’s the higher likelihood:

    • You forget your special ending
    • Hackers find one of your plain text passwords which is p4ssw0rdGOOGLE AND crack your password vault AND see that the password isn’t there AND determine what your secret scheme is AND think you’re worth spending the effort on?