top | item 9281238

(no title)

breakall | 11 years ago

This helps when your password is lost along with thousands / millions of other passwords in a breach -- attackers would be trying to re-use passwords programmatically in bulk and wouldn't detect your algorithm.

But if you were individually targeted i.e. a human attacker is looking at your password, your algorithm would provide access to many of your accounts with little effort.

I used to use this solution, btw, but have now gone to a unique, complex password per site with a password manager.

discuss

fapjacks|11 years ago

I also used to use this solution about ten or fifteen years ago and have since moved on to password managers and long passphrases for accounts whose passwords I do not want to store in the password manager.