sotu | 11 years ago

I do something very similar to this: a base password, which is some digits, and then some keyword that comes to mind based on the website. For example, I might use 123456cashmoney for my bank and 123456friends for Facebook. Usually I use the first thing that comes to mind when I see the domain, as I am very likely to think that same thing a year down the road when I am trying to remember that password! I've had a high success rate with this, rarely reset passwords for websites I don't access but once a year (i.e. TurboTax).

akerl_ | 11 years ago

Using words related to the target domain is one of the tactics most beloved by attackers, as that's where they'll be starting their dictionary attack. Hitting a bank? There are a few hundred bank-specific words, let's start with those, plus all the "cute" leetspeak substitutions and with prefixes/suffixes tacked on.
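
An added example, not part of either comment above: a sign-up-time check a site could run to reject passwords built from its own context words, covering the leetspeak and prefix/suffix variations the reply mentions. The word lists, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed word lists: terms a site could associate with its own domain.
CONTEXT_WORDS = {
    "bank": {"bank", "cash", "money", "savings", "account", "loan"},
    "facebook": {"facebook", "face", "book", "friends", "social"},
}

# Simplified leetspeak table (assumption; real substitutions are many-to-many).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def context_hits(password, words):
    """Context words found in the password, as typed or with leetspeak undone."""
    lowered = password.lower()
    undone = lowered.translate(LEET)
    return sorted(w for w in words if w in lowered or w in undone)

def is_context_only(password, words):
    """True if, once a digit/symbol prefix and suffix are stripped, the
    remainder is nothing but context words written back to back."""
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password.lower()).translate(LEET)
    if not core:
        return False
    # Word-break DP: ok[i] means core[:i] splits cleanly into context words.
    ok = [True] + [False] * len(core)
    for end in range(1, len(core) + 1):
        ok[end] = any(
            len(w) <= end and ok[end - len(w)] and core[end - len(w):end] == w
            for w in words
        )
    return ok[-1]

if __name__ == "__main__":
    # Constructed sample inputs; the first two are the passwords from the thread.
    samples = [("bank", "123456cashmoney"), ("facebook", "123456friends"),
               ("bank", "123456c4$hm0n3y"), ("bank", "vT9#qLm2xRw")]
    for site, pw in samples:
        words = CONTEXT_WORDS[site]
        print(site, pw, context_hits(pw, words), is_context_only(pw, words))
```

A password that passes this check is not thereby strong; the check only catches the site-specific pattern discussed in the thread.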