Re: Password variation scheme a plus in security?

["Gleb Paharenko" <gpaharenko () gmail com>]

Hi.

Consider using some password manager. You can combine it with SSO and
smart cards for storing or encrypting passwords.

2008/6/30 Stefan Schmidt <Stefan.Schmidt () gmx net>:
> I need an opinion. Let's say I have a few hundred web accounts
> and I don't want to remember a few hundred passwords, neither
> do I want to look them up each time I want to access one of the
> sites, so I'm using one (secure) password for all sites. This is
> obviously not a good thing, since when one site gets hacked
> and they stored their passwords in an unsafe manner all others
> are potentially endangered. The Question now is, would it now
> be an advantage in terms of security in this case to use a
> password variation scheme like replace the third character of
> the password with the second letter of the sites domain name
> advanced five letters in the alphabet? Obviously it would prevent
> immediately successful logins, but does this really increase
> security? My idea is that the hackers have like 100.000 passwords
> and from these maybe 90.000 give them immediate login success
> at other sites, so they might just ignore the 10.000 that don't
> immediately work. Or is it rather standard procedure in hacking
> attacks to try variations of the acquired passwords?
>
> Cheers, Stefan



-- 
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
http://www.linkedin.com/in/gpaharenko