Home page logo

basics logo Security Basics mailing list archives

Password variation scheme a plus in security?
From: "Stefan Schmidt" <Stefan.Schmidt () gmx net>
Date: Mon, 30 Jun 2008 02:00:46 +0200

I need an opinion. Let's say I have a few hundred web accounts
and I don't want to remember a few hundred passwords, neither
do I want to look them up each time I want to access one of the
sites, so I'm using one (secure) password for all sites. This is
obviously not a good thing, since when one site gets hacked
and they stored their passwords in an unsafe manner all others
are potentially endangered. The Question now is, would it now
be an advantage in terms of security in this case to use a
password variation scheme like replace the third character of
the password with the second letter of the sites domain name
advanced five letters in the alphabet? Obviously it would prevent
immediately successful logins, but does this really increase
security? My idea is that the hackers have like 100.000 passwords
and from these maybe 90.000 give them immediate login success
at other sites, so they might just ignore the 10.000 that don't
immediately work. Or is it rather standard procedure in hacking
attacks to try variations of the acquired passwords?

Cheers, Stefan

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]