Comment on I have an acquaintance that have their own "password system" that involves having a "core" set of characters, plus a few unique characters for each site; Is that system safe?

hperrin@lemmy.ca ⁨1⁩ ⁨week⁩ ago

It’s probably not safe if they use that for everything. Someone could match emails and password suffixes, then they’d only have four letters to brute force. So all it takes is two leaks that your friend is on and he’s at real risk.

Generally, this would be avoided by whatever site storing their passwords as hashes instead of in plain text, but you can’t rely on that.

They should just use a password manager.

source
Sort:hotnewtop