guessing the prefix wouldn’t be that hard
Devil’s Advocate: Most websites have limitations on the number of attempts.
LiamMayfair@lemmy.sdf.org 5 days ago
That system is vulnerable to social engineering attacks. If hackers found out all their favourite things that lead to the core part of the password, guessing the prefix wouldn’t be that hard. Also, what would your friend do if one of these passwords got compromised and had to change it? Would he just add a 1 to the site-specific part of the password?
throwawayacc0430@sh.itjust.works 5 days ago
Tiger@sh.itjust.works 5 days ago
Hackers aren’t always using the login interface, sometimes they’re beyond that and have access to the database of password hashes, and they’re trying to crack the password that can be entered to match a hash and get to try as many times as they like on their own away from the target system.
sxan@midwest.social 5 days ago
Isn’t every system vulnerable to social engineering hacks?
LiamMayfair@lemmy.sdf.org 4 days ago
Yeah, but there are degrees of vulnerability. Otherwise, things like password strength or MFA wouldn’t matter.
If all your passwords are fully random, then that’s one less weakness that can be exploited. People can’t make educated guesses about your passwords just from analysing your social media profiles and history, e.g. if you post a lot about Star Wars, it’s more likely your passwords could contain a Star Wars reference.
sxan@midwest.social 4 days ago
… true. You were clearly talking about how the “root” was constructed. If the root were random, a weakness would still be inherent in having the root exposed means all your accounts are potentially compromised, but the social hacking wouldn’t be as much of an issue.
I skipped over the root generation, as it’s just a useless twist on an older process. “Useless” in that I don’t think it adds any value to construct a root from favorite things. It’s no easier than just memorizing a single 12-character random string and then adding per-site suffixes, which is how I first heard this described a decade ago.