Security Basics mailing list archives
Re: Password variation scheme a plus in security?
From: "Gleb Paharenko" <gpaharenko () gmail com>
Date: Tue, 1 Jul 2008 11:35:40 +0300
Hi. Consider using some password manager. You can combine it with SSO and smart cards for storing or encrypting passwords. 2008/6/30 Stefan Schmidt <Stefan.Schmidt () gmx net>:
I need an opinion. Let's say I have a few hundred web accounts and I don't want to remember a few hundred passwords, neither do I want to look them up each time I want to access one of the sites, so I'm using one (secure) password for all sites. This is obviously not a good thing, since when one site gets hacked and they stored their passwords in an unsafe manner all others are potentially endangered. The Question now is, would it now be an advantage in terms of security in this case to use a password variation scheme like replace the third character of the password with the second letter of the sites domain name advanced five letters in the alphabet? Obviously it would prevent immediately successful logins, but does this really increase security? My idea is that the hackers have like 100.000 passwords and from these maybe 90.000 give them immediate login success at other sites, so they might just ignore the 10.000 that don't immediately work. Or is it rather standard procedure in hacking attacks to try variations of the acquired passwords? Cheers, Stefan
-- Best regards. Gleb Pakharenko. http://gpaharenko.livejournal.com http://www.linkedin.com/in/gpaharenko
Current thread:
- Re: Password variation scheme a plus in security? Alexander Klimov (Jul 02)
- <Possible follow-ups>
- Re: Password variation scheme a plus in security? Gleb Paharenko (Jul 02)
- Re: Password variation scheme a plus in security? Stefan Schmidt (Jul 02)
- Re: Password variation scheme a plus in security? Stefan Schmidt (Jul 02)