Add-on: same password, same identity. - eviltoast
  • moonmeow@lemmy.ml
    link
    fedilink
    arrow-up
    18
    ·
    1 year ago

    Yes that’s definitely a concern to keep in mind.

    The problem is that if someone doesn’t use a password manager they’re morenlikely to reuse weak ones.

    Using a password manager is a better path, as long as there is awareness on how to keep it secured.

    • Browning@lemmings.world
      link
      fedilink
      arrow-up
      6
      arrow-down
      1
      ·
      1 year ago

      I use the same password for every site, but I put the name of the site at the end of the password.
      For example:
      NotmypassB3ta.
      NotmypassGoogle.
      NotnypassLemmy. Etc.
      I figure it might stop the most lazy of attacks.

      • lud@lemm.ee
        link
        fedilink
        arrow-up
        8
        ·
        1 year ago

        It will stop a lot of attacks but if someone figures it out, you’re screwed. So I don’t recommend it.

        But years ago I used the same password everywhere except with a few differences due to different requirements (like special characters) and the weakest passwords I used got leaked on pastebin (or similar). And sure enough many accounts got compromised, not a huge deal and I didn’t lose anything I cared about.

        The interesting part is that no-one seemed to try the leaked password + 1234 or a capital letter in the beginning.

      • moonmeow@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        That sounds not ya I’m sure it stops a , as long as the actual password is also strong. IMO there’s still some vulnerability. If someone finds out your password and notices thepattern ‘pass+Site’, then they mighttryyon another site.

        Also why it’s a good idea to have a few emails yo use across multiple sites.

      • Droechai@lemm.ee
        link
        fedilink
        arrow-up
        1
        ·
        1 year ago

        I had something similar but ran into issues with sites requiring specific symbols, disallowing certain symbols and limiting lengths or similar

        • wewbull@iusearchlinux.fyi
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          That annoys me so much. Especially when the randomly generated line noise password I’m using doesn’t happen to include one of the three punctuation characters they need to be “secure”.