einhverfr | 1 year ago

Not reusing passwords at all is pretty impractical. If you really want to depend on a single password manager then you have some other issues. Usually I have settled for rotating, compartmentalized password modules which allow me to somewhat rather than fully contain a compromised password. And if your modular password has three slots (term taken from linguistics) then you can compose passwords which reuse parts, are memorizable, and not automatically reusable on other services.

The problem, though, is that since one has a number of passwords which may be different but closely related, a human may be able to infer a few possible passwords from a few compromised ones. In other words, it still dramatically shrinks the key space an attacker might want to try to brute force. Preventing re-use is then a problem for 2FA regimes.

For my part I won't use passwords I cannot memorize and keep memorized in relation to the web site.
