Yeah, but there are degrees of vulnerability. Otherwise, things like password strength or MFA wouldn’t matter.
If all your passwords are fully random, then that’s one less weakness that can be exploited. People can’t make educated guesses about your passwords just from analysing your social media profiles and history, e.g. if you post a lot about Star Wars, it’s more likely your passwords could contain a Star Wars reference.
sxan@midwest.social 4 days ago
… true. You were clearly talking about how the “root” was constructed. If the root were random, a weakness would still be inherent in having the root exposed means all your accounts are potentially compromised, but the social hacking wouldn’t be as much of an issue.
I skipped over the root generation, as it’s just a useless twist on an older process. “Useless” in that I don’t think it adds any value to construct a root from favorite things. It’s no easier than just memorizing a single 12-character random string and then adding per-site suffixes, which is how I first heard this described a decade ago.