42
[Question] Is this a secure way to generate passwords
(sh.itjust.works)
c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.
THE RULES
Instance Rules
Community Rules
If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.
Learn about hacking
Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub
Notable mention to !cybersecuritymemes@lemmy.world
Using a prefix with a 40 char password is not really a good option because if this was compromised because it was let’s say intercepted then the attackers would easily be able to guess that if there is bank_suffix then facebook_suffix might be a good guess.
Really? The example "bank+[40 character password]" was just an example. Obviously I wouldn't use bank for my banking credentials. I was also under the impression that many websites and applications wouldn't store or transmit plaintext passwords (I wouldn't use http for transmitting credentials). I do concede that there is a news story every month about a corporation getting hacked and the user's passwords were stolen and in plaintext so they could compromise me that way. But I don't think hackers are really going after me because I'm broke. The government maybe. This is really just so I can have a convenient way to have a complex password. I can't remember 5 different 15-20 character complex passwords.
I think you have the right idea. You are using "bank" as a salt so the hash should be acceptably secure.
Yes. And every application has a different salt. I really just hope these websites don't store plaintext passwords.