Comment

Comment on I have an acquaintance that have their own "password system" that involves having a "core" set of characters, plus a few unique characters for each site; Is that system safe?

<- View Parent

throwawayacc0430@sh.itjust.works ⁨5⁩ ⁨days⁩ ago

There’s literally only 4 characters difference between all their passwords, even if those would be completely random, that’s very bad.

So the 4 characters is just my way to explain their system, I don’t actually know how many characters they use in their “unique” part of the password, but the idea is that the unique part of the password is derived from the website’s name.

source

Sort:hotnew top

F04118F@feddit.nl ⁨5⁩ ⁨days⁩ ago
Obviously random is better, but uniqueness of passwords is IMO even more important. They are effectively spreading around their master password

source
Clent@lemmy.dbzer0.com ⁨5⁩ ⁨days⁩ ago
The relationship is the problem.

Calculating the levenshtein distance is the first thing that comes to mind, then creating a regular expression that covers any leaked passwords tied to the same account.

This is all easily scriptable and two leaked passwords might be all a script needs to discover the pattern. Once the pattern is known, all of their passwords become knowable.

source